Total
260443 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-5956 | | | 2024-02-03 | N/A | 4.8 MEDIUM |
The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | | | | | |
CVE-2023-6165 | | | 2024-02-03 | N/A | 4.8 MEDIUM |
The Restrict Usernames Emails Characters WordPress plugin before 3.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | | | | | |
CVE-2023-6278 | | | 2024-02-03 | N/A | 6.1 MEDIUM |
The Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo WordPress plugin before 2.2.25 does not sanitise and escape the biteship_error and biteship_message parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | | | | | |
CVE-2023-6279 | | | 2024-02-03 | N/A | 7.1 HIGH |
The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated user, such as a subscriber, to update arbitrary blog options and set them to 'activated', which could lead to DoS when using a specific option name. | | | | | |
CVE-2023-6389 | | | 2024-02-03 | N/A | 6.1 MEDIUM |
The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | | | | | |
CVE-2024-21750 | | | 2024-02-03 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scribit Shortcodes Finder allows Reflected XSS. This issue affects Shortcodes Finder: from n/a through 1.5.5. | | | | | |
CVE-2024-24062 | | | 2024-02-03 | N/A | 5.4 MEDIUM |
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role. | | | | | |
CVE-2024-24061 | | | 2024-02-03 | N/A | 5.4 MEDIUM |
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add. | | | | | |
CVE-2024-24060 | | | 2024-02-03 | N/A | 5.4 MEDIUM |
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user. | | | | | |
CVE-2024-24059 | | | 2024-02-03 | N/A | 5.4 MEDIUM |
springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files. | | | | | |
CVE-2023-52188 | | | 2024-02-03 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Footer Putter allows Stored XSS. This issue affects Footer Putter: from n/a through 1.17. | | | | | |
CVE-2023-52189 | | | 2024-02-03 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jhayghost Ideal Interactive Map allows Stored XSS. This issue affects Ideal Interactive Map: from n/a through 1.2.4. | | | | | |
CVE-2024-22148 | | | 2024-02-03 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Editor JoomUnited allows Reflected XSS. This issue affects JoomUnited: from n/a through 1.3.3. | | | | | |
CVE-2024-22430 | | | 2024-02-03 | N/A | 5.5 MEDIUM |
Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contain an incorrect default permissions vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability, leading to denial of service. | | | | | |
CVE-2024-22938 | | | 2024-02-03 | N/A | 7.8 HIGH |
Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component. | | | | | |
CVE-2024-22449 | | | 2024-02-03 | N/A | 7.8 HIGH |
Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contain a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access. | | | | | |
CVE-2023-51840 | | | 2024-02-03 | N/A | 9.8 CRITICAL |
DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key. | | | | | |
CVE-2024-22648 | | | 2024-02-03 | N/A | 5.3 MEDIUM |
A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment. | | | | | |
CVE-2024-22647 | | | 2024-02-03 | N/A | 5.3 MEDIUM |
A user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames. | | | | | |
CVE-2024-22646 | | | 2024-02-03 | N/A | 5.3 MEDIUM |
An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system. | | | | | |