| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in namithjawahar AdPush allows Reflected XSS.This issue affects AdPush: from n/a through 1.50. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takashi Matsuyama My Favorites my-favorites allows Stored XSS.This issue affects My Favorites: from n/a through <= 1.4.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows Stored XSS.This issue affects Omnipress: from n/a through <= 1.4.3. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Calendar.Online Calendar.Online / Kalender.Digital allows Stored XSS.This issue affects Calendar.Online / Kalender.Digital: from n/a through 1.0.8. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SubscriptionPro WP Announcement allows Stored XSS.This issue affects WP Announcement: from n/a through 2.0.8. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omarfolghe Digitally digitally allows Reflected XSS.This issue affects Digitally: from n/a through <= 1.0.8. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Garrett Grimm Simple Popup allows Stored XSS.This issue affects Simple Popup: from n/a through 4.4. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in B.M. Rafiul Alam Awesome Contact Form7 for Elementor awesome-contact-form7-for-elementor.This issue affects Awesome Contact Form7 for Elementor: from n/a through <= 3.0. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ABB EIBPORT V3 KNX, ABB EIBPORT V3 KNX GSM.This issue affects EIBPORT V3 KNX: before 3.9.2; EIBPORT V3 KNX GSM: before 3.9.2. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali Rahimi Goftino allows Stored XSS.This issue affects Goftino: from n/a through 1.6. |
| The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. The backdoor user has been removed in firmware BSP >= 6.4.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SliceWP allows Stored XSS.This issue affects SliceWP: from n/a through 1.1.10.
|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bensibley Unlimited unlimited allows Stored XSS.This issue affects Unlimited: from n/a through <= 1.45. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in codoc.Jp allows Stored XSS.This issue affects codoc: from n/a through 0.9.51.12. |
| There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sparklewpthemes Fitness Park fitness-park allows DOM-Based XSS.This issue affects Fitness Park: from n/a through <= 1.1.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anantaddons Anant Addons for Elementor anant-addons-for-elementor allows Stored XSS.This issue affects Anant Addons for Elementor: from n/a through <= 1.2.8. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fredsted WP Login Attempt Log wp-login-attempt-log allows Reflected XSS.This issue affects WP Login Attempt Log: from n/a through <= 1.3. |
| Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full administrative access to the network device. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Code Engine code-engine allows Stored XSS.This issue affects Code Engine: from n/a through <= 0.3.2. |
