Total
30498 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-51508 | 1 Tiki | 1 Tiki | 2024-10-29 | 4.8 Medium |
| Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index. | ||||
| CVE-2024-51507 | 1 Tiki | 1 Tiki | 2024-10-29 | 4.8 Medium |
| Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name. | ||||
| CVE-2024-51506 | 1 Tiki | 1 Tiki | 2024-10-29 | 4.8 Medium |
| Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description. | ||||
| CVE-2024-48743 | 1 Tektronix | 1 Sentry | 2024-10-29 | 6.5 Medium |
| Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter. | ||||
| CVE-2024-48239 | 1 Wtcms Project | 1 Wtcms | 2024-10-29 | 4.8 Medium |
| An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS). | ||||
| CVE-2023-46824 | 1 Omaksolutions | 1 Slick Popup | 2024-10-29 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Om Ak Solutions Slick Popup: Contact Form 7 Popup Plugin plugin <= 1.7.14 versions. | ||||
| CVE-2023-46822 | 1 Visser | 1 Store Exporter For Woocommerce | 2024-10-29 | 6.1 Medium |
| Unauth. Reflected Cross-Site Scripting') vulnerability in Visser Labs Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin <= 2.7.2 versions. | ||||
| CVE-2023-46783 | 1 Brightplugins | 1 Pre-orders For Woocommerce | 2024-10-29 | 5.4 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin <= 1.2.13 versions. | ||||
| CVE-2023-46782 | 1 Chrisyee | 1 Momentopress For Momento360 | 2024-10-29 | 5.4 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Yee MomentoPress for Momento360 plugin <= 1.0.1 versions. | ||||
| CVE-2023-46643 | 1 Cloudnet360 | 1 Cloudnet360 | 2024-10-29 | 6.1 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GARY JEZORSKI CloudNet360 plugin <= 3.2.0 versions. | ||||
| CVE-2023-46640 | 1 Mauvedev | 1 Medialist | 2024-10-29 | 5.4 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in D. Relton Medialist plugin <= 1.3.9 versions. | ||||
| CVE-2023-46621 | 1 Enejbajgoric\/gagansandhu\/ctltdev | 1 User Avatar | 2024-10-29 | 6.1 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar plugin <= 1.4.11 versions. | ||||
| CVE-2023-46613 | 1 Add-to-calendar-button | 1 Add To Calendar Button | 2024-10-29 | 5.4 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jens Kuerschner Add to Calendar Button plugin <= 1.5.1 versions. | ||||
| CVE-2023-45746 | 1 Sixapart | 1 Movable Type | 2024-10-29 | 5.4 Medium |
| Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier. | ||||
| CVE-2024-3987 | 1 Freshlightlab | 1 Wp Mobile Menu | 2024-10-29 | 5.4 Medium |
| The WP Mobile Menu – The Mobile-Friendly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-10276 | 1 Telestream | 1 Sentry | 2024-10-29 | 3.5 Low |
| A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-5612 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2024-10-29 | 6.4 Medium |
| The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-50426 | 2024-10-29 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS.This issue affects Survey Maker: from n/a through 5.0.2. | ||||
| CVE-2024-50418 | 2024-10-29 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Time Slot Booking Time Slot allows Stored XSS.This issue affects Time Slot: from n/a through 1.3.6. | ||||
| CVE-2024-50415 | 2024-10-29 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pagup Ads.Txt & App-ads.Txt Manager for WordPress allows Stored XSS.This issue affects Ads.Txt & App-ads.Txt Manager for WordPress: from n/a through 1.1.7.1. | ||||