Filtered by CWE-79
Total 30498 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-47647 2024-10-28 5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HelpieWP Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin allows Stored XSS.This issue affects Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin: from n/a through 1.27.
CVE-2017-2222 1 Butlerblog 1 Wp-members 2024-10-28 N/A
Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2024-21725 2024-10-28 6.1 Medium
Inadequate escaping of mail addresses lead to XSS vulnerabilities in various components.
CVE-2023-51802 2024-10-28 6.1 Medium
Cross Site Scripting (XSS) vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the page or class_month parameter in the /php-attendance/attendance_report component.
CVE-2023-34941 1 Asus 2 Rt-n10lx, Rt-n10lx Firmware 2024-10-28 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-38493 1 Broadcom 1 Symantec Privileged Access Management 2024-10-28 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.
CVE-2023-6591 1 Ays-pro 1 Popup Box 2024-10-28 4.8 Medium
The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2024-38274 2024-10-27 6.1 Medium
Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.
CVE-2024-1752 2024-10-27 6.1 Medium
The Font Farsi WordPress plugin through 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-1664 2024-10-27 6.1 Medium
The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-4377 1 Dotonpaper 1 Dot On Paper Shortcodes 2024-10-27 6.1 Medium
The DOP Shortcodes WordPress plugin through 1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2024-39143 1 Coderberg 1 Residencecms 2024-10-27 5.4 Medium
A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside which acts as a stored XSS payload.
CVE-2024-39124 1 Roundup-tracker 1 Roundup 2024-10-27 6.1 Medium
In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.
CVE-2024-29470 2024-10-27 6.1 Medium
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links.
CVE-2024-0711 1 Otwthemes 1 Buttons Shortcode And Widget 2024-10-27 6.1 Medium
The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2024-0420 1 Mappresspro 2 Mappress Maps, Mappress Maps For Wordpress 2024-10-27 6.1 Medium
The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks
CVE-2024-7082 2024-10-27 6.1 Medium
The Easy Table of Contents WordPress plugin before 2.0.68 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks.
CVE-2024-42412 1 Elecom 4 Wab-i1750-ps, Wab-i1750-ps Firmware, Wab-s1167-ps and 1 more 2024-10-27 6.1 Medium
Cross-site scripting vulnerability exists in WAB-I1750-PS and WAB-S1167-PS due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.
CVE-2024-42055 1 Cervantessec 1 Cervantes 2024-10-27 6.1 Medium
Cervantes through 0.5-alpha allows stored XSS.
CVE-2024-42020 1 Veeam 1 One 2024-10-27 5.4 Medium
A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.