Export limit exceeded: 349896 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45871 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28499 | 1 Simonpedge | 1 Slide Anything-responsive Content\/html Slider And Carousel | 2024-11-21 | 5.4 Medium |
| Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in simonpedge Slide Anything – Responsive Content / HTML Slider and Carousel plugin <= 2.4.9 versions. | ||||
| CVE-2023-28496 | 1 Smtp2go | 1 Smtp2go | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SMTP2GO – Email Made Easy plugin <= 1.4.2 versions. | ||||
| CVE-2023-28490 | 1 Estatik | 1 Estatik Mortgage Calculator | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik Estatik Mortgage Calculator plugin <= 2.0.7 versions. | ||||
| CVE-2023-28477 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.5 Medium |
| Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter. | ||||
| CVE-2023-28476 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.4 Medium |
| Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Tags on uploaded files. | ||||
| CVE-2023-28475 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.1 Medium |
| Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized. | ||||
| CVE-2023-28423 | 1 Prismtechstudios | 1 Modern Footnotes | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prism Tech Studios Modern Footnotes plugin <= 1.4.15 versions. | ||||
| CVE-2023-28415 | 1 Xootix | 1 Side Cart Woocommerce | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XootiX Side Cart Woocommerce (Ajax) plugin <= 2.2 versions. | ||||
| CVE-2023-28332 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.1 Medium |
| If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk. | ||||
| CVE-2023-28174 | 1 Elightup | 1 Erocket | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in eLightUp eRocket plugin <= 1.2.4 versions. | ||||
| CVE-2023-28171 | 1 Wpchill | 1 Brilliance | 2024-11-21 | 5.4 Medium |
| Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Chill Brilliance theme <= 1.3.1 versions. | ||||
| CVE-2023-28166 | 1 Tags Cloud Manager Project | 1 Tags Cloud Manager | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Kadiwala Tags Cloud Manager plugin <= 1.0.0 versions. | ||||
| CVE-2023-28025 | 1 Hcltech | 1 Bigfix Modern Client Management | 2024-11-21 | 6.6 Medium |
| Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed and stored in the server storage. | ||||
| CVE-2023-28014 | 1 Hcltech | 1 Bigfix Mobile | 2024-11-21 | 6.6 Medium |
| HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application. | ||||
| CVE-2023-28013 | 1 Hcltech | 1 Verse | 2024-11-21 | 6.5 Medium |
| HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. | ||||
| CVE-2023-27890 | 1 Export User Project | 1 Export User | 2024-11-21 | 5.4 Medium |
| The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-27636 | 1 Progress | 1 Sitefinity | 2024-11-21 | 6.5 Medium |
| Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor. | ||||
| CVE-2023-27631 | 1 Mmrs151 | 1 Daily Prayer Time | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.05.04 versions. | ||||
| CVE-2023-27629 | 1 Geminilabs | 1 Site Reviews | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions. | ||||
| CVE-2023-27628 | 1 Sitekit Project | 1 Sitekit | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Webvitaly Sitekit plugin <= 1.3 versions. | ||||