Total
30498 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-47647 | 2024-10-28 | 5.9 Medium | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HelpieWP Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin allows Stored XSS.This issue affects Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin: from n/a through 1.27. | ||||
CVE-2017-2222 | 1 Butlerblog | 1 Wp-members | 2024-10-28 | N/A |
Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2024-21725 | 2024-10-28 | 6.1 Medium | ||
Inadequate escaping of mail addresses lead to XSS vulnerabilities in various components. | ||||
CVE-2023-51802 | 2024-10-28 | 6.1 Medium | ||
Cross Site Scripting (XSS) vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the page or class_month parameter in the /php-attendance/attendance_report component. | ||||
CVE-2023-34941 | 1 Asus | 2 Rt-n10lx, Rt-n10lx Firmware | 2024-10-28 | 5.4 Medium |
A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
CVE-2024-38493 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-10-28 | 6.1 Medium |
A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI. | ||||
CVE-2023-6591 | 1 Ays-pro | 1 Popup Box | 2024-10-28 | 4.8 Medium |
The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
CVE-2024-38274 | 2024-10-27 | 6.1 Medium | ||
Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt. | ||||
CVE-2024-1752 | 2024-10-27 | 6.1 Medium | ||
The Font Farsi WordPress plugin through 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
CVE-2024-1664 | 2024-10-27 | 6.1 Medium | ||
The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
CVE-2024-4377 | 1 Dotonpaper | 1 Dot On Paper Shortcodes | 2024-10-27 | 6.1 Medium |
The DOP Shortcodes WordPress plugin through 1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
CVE-2024-39143 | 1 Coderberg | 1 Residencecms | 2024-10-27 | 5.4 Medium |
A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside which acts as a stored XSS payload. | ||||
CVE-2024-39124 | 1 Roundup-tracker | 1 Roundup | 2024-10-27 | 6.1 Medium |
In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS. | ||||
CVE-2024-29470 | 2024-10-27 | 6.1 Medium | ||
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links. | ||||
CVE-2024-0711 | 1 Otwthemes | 1 Buttons Shortcode And Widget | 2024-10-27 | 6.1 Medium |
The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
CVE-2024-0420 | 1 Mappresspro | 2 Mappress Maps, Mappress Maps For Wordpress | 2024-10-27 | 6.1 Medium |
The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks | ||||
CVE-2024-7082 | 2024-10-27 | 6.1 Medium | ||
The Easy Table of Contents WordPress plugin before 2.0.68 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks. | ||||
CVE-2024-42412 | 1 Elecom | 4 Wab-i1750-ps, Wab-i1750-ps Firmware, Wab-s1167-ps and 1 more | 2024-10-27 | 6.1 Medium |
Cross-site scripting vulnerability exists in WAB-I1750-PS and WAB-S1167-PS due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser. | ||||
CVE-2024-42055 | 1 Cervantessec | 1 Cervantes | 2024-10-27 | 6.1 Medium |
Cervantes through 0.5-alpha allows stored XSS. | ||||
CVE-2024-42020 | 1 Veeam | 1 One | 2024-10-27 | 5.4 Medium |
A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection. |