Search Results (365153 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-33651 1 Sitecore 4 Experience Commerce, Experience Manager, Experience Platform and 1 more 2025-01-08 7.5 High
An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules.
CVE-2023-33613 1 Axtls Project 1 Axtls 2025-01-08 5.5 Medium
axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. This vulnerability allows attackers to cause a Denial of Service (DoS) when parsing a private key.
CVE-2023-33569 1 Faculty Evaluation System Project 1 Faculty Evaluation System 2025-01-08 7.2 High
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user.
CVE-2023-33460 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Enterprise Linux and 2 more 2025-01-08 6.5 Medium
There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.
CVE-2023-2634 1 Punchcreative 1 Get Your Number 2025-01-08 4.8 Medium
The Get your number WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2023-2572 1 Ays-pro 1 Survey Maker 2025-01-08 6.1 Medium
The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2023-2489 1 Trumani 1 Stop Spammers 2025-01-08 4.8 Medium
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2023-2488 1 Trumani 1 Stop Spammers 2025-01-08 6.1 Medium
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2023-2337 1 Convertkit 1 Convertkit - Email Marketing\, Email Newsletter And Landing Pages 2025-01-08 6.1 Medium
The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2023-0900 1 Wpdevart 1 Pricing Table Builder 2025-01-08 7.2 High
The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.
CVE-2023-0545 1 Kibokolabs 1 Hostel 2025-01-08 4.8 Medium
The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2023-0152 1 Wpexperts 1 Wp Multi Store Locator 2025-01-08 5.4 Medium
The WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2022-4946 1 Accesspressthemes 1 Frontend Post Wordpress Plugin 2025-01-08 5.4 Medium
The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain.
CVE-2022-43841 1 Ibm 1 Aspera Console 2025-01-08 4 Medium
IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 239078.
CVE-2024-23519 1 Mandsconsulting 1 Email Before Download 2025-01-08 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in M&S Consulting Email Before Download.This issue affects Email Before Download: from n/a through 6.9.7.
CVE-2024-31889 1 Ibm 1 Planning Analytics Local 2025-01-08 5.4 Medium
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 288136.
CVE-2024-31907 1 Ibm 1 Planning Analytics Local 2025-01-08 5.4 Medium
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289889.
CVE-2024-31908 1 Ibm 1 Planning Analytics Local 2025-01-08 6.4 Medium
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289890.
CVE-2023-27861 1 Ibm 1 Maximo Application Suite 2025-01-08 5.9 Medium
IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. IBM X-Force ID: 249208.
CVE-2023-47657 1 Grandplugins 1 Woo Quick View And Buy Now 2025-01-08 5.9 Medium
Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability in GrandPlugins Direct Checkout – Quick View – Buy Now For WooCommerce plugin <= 1.5.8 versions.