Search Results (47460 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-5595 1 Wpdeveloper 1 Essential Blocks 2025-04-11 5.4 Medium
The Essential Blocks WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2024-6651 2 Iptanus, Wordpress File Upload Project 2 Wordpress File Upload, Wordpress File Upload 2025-04-11 6.1 Medium
The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2024-6494 2 Iptanus, Wordpress File Upload Project 2 Wordpress File Upload, Wordpress File Upload 2025-04-11 6.1 Medium
The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting (XSS) attacks.
CVE-2024-6792 2 Technowich, Wpulike 2 Wp Ulike, Wp Ulike 2025-04-11 3.5 Low
The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page.
CVE-2024-7879 2 Technowich, Wpulike 2 Wp Ulike, Wp Ulike 2025-04-11 4.8 Medium
The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2024-10104 1 Blueglass 1 Jobs For Wordpress 2025-04-11 5.9 Medium
The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
CVE-2024-31544 1 Oretnom23 1 Computer Laboratory Management System 2025-04-11 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”, “borrower_name”, “faculty_department” parameters in /classes/Master.php?f=save_record.
CVE-2024-32337 1 Wondercms 1 Wondercms 2025-04-11 6.1 Medium
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module.
CVE-2024-32338 1 Wondercms 1 Wondercms 2025-04-11 5.4 Medium
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module.
CVE-2023-29508 1 Xwiki 1 Xwiki 2025-04-11 8.9 High
XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11.
CVE-2024-32339 1 Wondercms 1 Wondercms 2025-04-11 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.
CVE-2024-32340 1 Wondercms 1 Wondercms 2025-04-11 9.6 Critical
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module.
CVE-2024-32341 1 Wondercms 1 Wondercms 2025-04-11 5.4 Medium
Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.
CVE-2024-32344 1 Cmsimple 1 Cmsimple 2025-04-11 6.8 Medium
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section.
CVE-2024-32345 1 Cmsimple 1 Cmsimple 2025-04-11 7.2 High
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section.
CVE-2024-32743 1 Wondercms 1 Wondercms 2025-04-11 5.5 Medium
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module.
CVE-2024-32744 1 Wondercms 1 Wondercms 2025-04-11 4.6 Medium
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module.
CVE-2024-30879 1 Rageframe 1 Rageframe 2025-04-11 6.1 Medium
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function.
CVE-2024-32745 1 Wondercms 1 Wondercms 2025-04-11 5.9 Medium
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module.
CVE-2024-30880 1 Rageframe 1 Rageframe 2025-04-11 5.4 Medium
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function.