| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-Site Request Forgery (CSRF) vulnerability in xavsio4 Visit Site Link enhanced visit-site-link-enhanced allows Stored XSS.This issue affects Visit Site Link enhanced: from n/a through <= 1.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mike Martel Live Dashboard live-dashboard allows Reflected XSS.This issue affects Live Dashboard: from n/a through <= 0.3.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in azurecurve azurecurve Floating Featured Image azurecurve-floating-featured-image allows Reflected XSS.This issue affects azurecurve Floating Featured Image: from n/a through <= 2.2.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in hoyce Universal Analytics Injector universal-analytics-injector allows Stored XSS.This issue affects Universal Analytics Injector: from n/a through <= 1.0.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pantho Bihosh Pit Login Welcome pit-login-welcome allows Reflected XSS.This issue affects Pit Login Welcome: from n/a through <= 1.1.5. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cojecto Predict When predict-when allows Reflected XSS.This issue affects Predict When: from n/a through <= 1.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blrt Blrt WP Embed blrt-wp-embed allows Reflected XSS.This issue affects Blrt WP Embed: from n/a through <= 1.6.9. |
| Cross-Site Request Forgery (CSRF) vulnerability in Stargazer WP-BlackCheck wp-blackcheck allows Stored XSS.This issue affects WP-BlackCheck: from n/a through <= 2.7.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in husani WP FPO wp-fpo allows Reflected XSS.This issue affects WP FPO: from n/a through <= 1.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in albdesign Simple Project Manager simple-project-managment allows Stored XSS.This issue affects Simple Project Manager: from n/a through <= 1.2.2. |
| Missing Authorization vulnerability in tsecher ts-tree ts-tree allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ts-tree: from n/a through <= 0.1.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sunil chaulagain Google Map on Post/Page google-map-on-postpage allows Reflected XSS.This issue affects Google Map on Post/Page: from n/a through <= 1.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Haines-Young HM Portfolio hm-portfolio allows Reflected XSS.This issue affects HM Portfolio: from n/a through <= 1.1.1. |
| A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.
This issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma® Access software. This issue does not affect Cloud NGFW.
We have successfully completed the Prisma Access upgrade for all customers, with the exception of those facing issues such as conflicting maintenance windows. Remaining customers will be promptly scheduled for an upgrade through our standard upgrade process. |
| Cypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the firmware upgrade script that allows remote attackers to execute shell commands. Attackers can exploit the 'fw_url' parameter in the ctm-config-upgrade.sh script to inject and execute arbitrary commands with root privileges. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dactum ClickBank Storefront mycbgenie-clickbank-storefront allows Reflected XSS.This issue affects ClickBank Storefront: from n/a through <= 1.7. |
| Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5. |
| Incorrect Privilege Assignment vulnerability in Mosterd3d DD Roles dd-roles allows Privilege Escalation.This issue affects DD Roles: from n/a through <= 4.1. |
| A vulnerability, which was classified as critical, was found in VAM Virtual Airlines Manager up to 2.6.2. Affected is an unknown function of the file /vam/index.php of the component HTTP GET Parameter Handler. The manipulation of the argument ID/registry_id/plane_icao leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. |
| In the module RSI PDF/HTML catalog evolution (prestapdf) <= 7.0.0 from RSI for PrestaShop, a guest can perform SQL injection via `PrestaPDFProductListModuleFrontController::queryDb().' |
