Search Results (46044 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45361 | 1 0mk Shortener Project | 1 0mk Shortener | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Boris Kuzmanov 0mk Shortener plugin <= 0.2 versions. | ||||
| CVE-2023-23832 | 1 Ultimate Wp Query Search Filter Project | 1 Ultimate Wp Query Search Filter | 2025-01-10 | 6.5 Medium |
| Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ultimate WP Query Search Filter plugin <= 1.0.10 versions. | ||||
| CVE-2023-23717 | 1 Portfolio Slideshow Project | 1 Portfolio Slideshow | 2025-01-10 | 6.5 Medium |
| Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in George Gecewicz Portfolio Slideshow plugin <= 1.13.0 versions. | ||||
| CVE-2023-23827 | 1 Google Maps V3 Shortcode Project | 1 Google Maps V3 Shortcode | 2025-01-10 | 6.5 Medium |
| Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Google Maps v3 Shortcode plugin <= 1.2.1 versions. | ||||
| CVE-2023-23817 | 1 Simple Pdf Viewer Project | 1 Simple Pdf Viewer | 2025-01-10 | 6.5 Medium |
| Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WebArea \| Vera Nedvyzhenko Simple PDF Viewer plugin <= 1.9 versions. | ||||
| CVE-2023-23816 | 1 Sitemap Index Project | 1 Sitemap Index | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Twardes Sitemap Index plugin <= 1.2.3 versions. | ||||
| CVE-2023-23806 | 1 Wordpress Custom Settings Project | 1 Wordpress Custom Settings | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davinder Singh Custom Settings plugin <= 1.0 versions. | ||||
| CVE-2023-25451 | 1 Wpchill | 1 Cpo Content Types | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill CPO Content Types plugin <= 1.1.0 versions. | ||||
| CVE-2022-4333 | 1 Sprecher-automation | 18 Sprecon-e-c, Sprecon-e-c Firmware, Sprecon-e-p Dl6-1 and 15 more | 2025-01-10 | 9.8 Critical |
| Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows a remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines. | ||||
| CVE-2022-47617 | 1 Hitrontech | 2 Coda-5310, Coda-5310 Firmware | 2025-01-10 | 7.2 High |
| Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption. | ||||
| CVE-2023-2470 | 1 Add To Feedly Project | 1 Add To Feedly | 2025-01-10 | 4.8 Medium |
| The Add to Feedly WordPress plugin through 1.2.11 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2023-2296 | 1 Loginizer | 1 Loginizer | 2025-01-10 | 6.1 Medium |
| The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2023-2256 | 1 Themeisle | 1 Product Addons & Fields For Woocommerce | 2025-01-10 | 6.1 Medium |
| The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.7 does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting. | ||||
| CVE-2024-13142 | 1 Zerowdd | 1 Studentmanager | 2025-01-10 | 2.4 Low |
| A vulnerability was found in ZeroWdd studentmanager 1.0. It has been declared as problematic. This vulnerability affects the function submitAddRole of the file src/main/java/com/zero/system/controller/RoleController.java. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. | ||||
| CVE-2023-31548 | 1 Churchcrm | 1 Churchcrm | 2025-01-10 | 5.4 Medium |
| A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2023-33961 | 1 Leantime | 1 Leantime | 2025-01-10 | 8.9 High |
| Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious Javascript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious Javascript code executes. As of time of publication, a patch does not exist. | ||||
| CVE-2023-33962 | 1 Jstachio Project | 1 Jstachio | 2025-01-10 | 5.4 Medium |
| JStachio is a type-safe Java Mustache templating engine. Prior to version 1.0.1, JStachio fails to escape single quotes `'` in HTML, allowing an attacker to inject malicious code. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of other users visiting pages that use this template engine. This can lead to various consequences, including session hijacking, defacement of web pages, theft of sensitive information, or even the propagation of malware. Version 1.0.1 contains a patch for this issue. To mitigate this vulnerability, the template engine should properly escape special characters, including single quotes. Common practice is to escape `'` as `&#39;`. As a workaround, users can avoid this issue by using only double quotes `"` for HTML attributes. | ||||
| CVE-2023-2998 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-01-10 | 6.1 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14. | ||||
| CVE-2023-2999 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-01-10 | 6.1 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14. | ||||
| CVE-2023-33287 | 1 Actonic | 1 Inline Table Editing | 2025-01-10 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Inline Table Editing application before 3.8.0 for Confluence allows attackers to store and execute arbitrary JavaScript via a crafted payload injected into the tables. | ||||