Export limit exceeded: 45666 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45666 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36841 | 1 Yithemes | 1 Yith Maintenance Mode | 2025-03-28 | 6.9 Medium |
| Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. Possible even when unfiltered HTML is disallowed by WordPress configuration. | ||||
| CVE-2021-36845 | 1 Yithemes | 1 Yith Maintenance Mode | 2025-03-28 | 6.9 Medium |
| Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. Vulnerable parameters: 1 - "Newsletter" tab, &yith_maintenance_newsletter_submit_label parameter: payload should start with a single quote (') symbol to break the context, i.e.: NOTIFY ME' autofocus onfocus=alert(/Visse/);// v=' - this payload will be auto triggered while admin visits this page/tab. 2 - "General" tab issues, vulnerable parameters: &yith_maintenance_message, &yith_maintenance_custom_style, &yith_maintenance_mascotte, &yith_maintenance_title_font[size], &yith_maintenance_title_font[family], &yith_maintenance_title_font[color], &yith_maintenance_paragraph_font[size], &yith_maintenance_paragraph_font[family], &yith_maintenance_paragraph_font[color], &yith_maintenance_border_top. 3 - "Background" tab issues, vulnerable parameters: &yith_maintenance_background_image, &yith_maintenance_background_color. 4 - "Logo" tab issues, vulnerable parameters: &yith_maintenance_logo_image, &yith_maintenance_logo_tagline, &yith_maintenance_logo_tagline_font[size], &yith_maintenance_logo_tagline_font[family], &yith_maintenance_logo_tagline_font[color]. 5 - "Newsletter" tab issues, vulnerable parameters: &yith_maintenance_newsletter_email_font[size], &yith_maintenance_newsletter_email_font[family], &yith_maintenance_newsletter_email_font[color], &yith_maintenance_newsletter_submit_font[size], &yith_maintenance_newsletter_submit_font[family], &yith_maintenance_newsletter_submit_font[color], &yith_maintenance_newsletter_submit_background, &yith_maintenance_newsletter_submit_background_hover, &yith_maintenance_newsletter_title, &yith_maintenance_newsletter_action, &yith_maintenance_newsletter_email_label, &yith_maintenance_newsletter_email_name, &yith_maintenance_newsletter_submit_label, &yith_maintenance_newsletter_hidden_fields. 6 - "Socials" tab issues, vulnerable parameters: &yith_maintenance_socials_facebook, &yith_maintenance_socials_twitter, &yith_maintenance_socials_gplus, &yith_maintenance_socials_youtube, &yith_maintenance_socials_rss, &yith_maintenance_socials_skype, &yith_maintenance_socials_email, &yith_maintenance_socials_behance, &yith_maintenance_socials_dribble, &yith_maintenance_socials_flickr, &yith_maintenance_socials_instagram, &yith_maintenance_socials_pinterest, &yith_maintenance_socials_tumblr, &yith_maintenance_socials_linkedin. | ||||
| CVE-2024-29474 | 1 Zhyd | 1 Oneblog | 2025-03-28 | 5.4 Medium |
| OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module. | ||||
| CVE-2024-29470 | 1 Zhyd | 1 Oneblog | 2025-03-28 | 6.1 Medium |
| OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links. | ||||
| CVE-2021-36869 | 1 Ivorysearch | 1 Ivory Search | 2025-03-28 | 4.8 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Vulnerable parameter: &post. | ||||
| CVE-2021-36884 | 1 Backupbliss | 1 Backup Migration | 2025-03-28 | 4.8 Medium |
| Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup Migration plugin <= 1.1.5 versions. | ||||
| CVE-2024-29469 | 2 Oneblog Project, Zhyd | 2 Oneblog, Oneblog | 2025-03-28 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module. | ||||
| CVE-2021-36843 | 1 Acurax | 1 Floating Social Media Icon | 2025-03-28 | 4.8 Medium |
| Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. Requires high role user like admin. | ||||
| CVE-2021-36919 | 1 Getawesomesupport | 1 Awesome Support | 2025-03-28 | 6.1 Medium |
| Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee). | ||||
| CVE-2021-36911 | 1 Comment Engine Pro Project | 1 Comment Engine Pro | 2025-03-28 | 4.8 Medium |
| Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin (versions <= 1.0), could be exploited by users with Editor or higher role. | ||||
| CVE-2024-55100 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2025-03-28 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Online Nurse Hiring System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fullname parameter. | ||||
| CVE-2024-1588 | 1 Pressified | 1 Sendpress | 2025-03-28 | 6.8 Medium |
| The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2021-36889 | 1 Tarteaucitron.js - Cookies Legislation \& Gdpr Project | 1 Tarteaucitron.js - Cookies Legislation \& Gdpr | 2025-03-28 | 3.4 Low |
| Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities were discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.6). | ||||
| CVE-2021-36887 | 1 Tarteaucitron.js - Cookies Legislation \& Gdpr Project | 1 Tarteaucitron.js - Cookies Legislation \& Gdpr | 2025-03-28 | 6.1 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable parameters "tarteaucitronEmail" and "tarteaucitronPass". | ||||
| CVE-2021-36885 | 1 Ciphercoin | 1 Contact Form 7 Database Addon | 2025-03-28 | 6.1 Medium |
| Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.6.1). | ||||
| CVE-2023-24065 | 1 Nosh Chartingsystem Project | 1 Nosh Chartingsystem | 2025-03-28 | 5.4 Medium |
| NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing user) can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for health charting. | ||||
| CVE-2023-22333 | 1 Mubag | 1 Easymail | 2025-03-28 | 6.1 Medium |
| Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | ||||
| CVE-2022-48118 | 1 Jorani | 1 Jorani | 2025-03-28 | 6.1 Medium |
| Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter. | ||||
| CVE-2022-48067 | 1 Totolink | 2 A830r, A830r Firmware | 2025-03-28 | 5.5 Medium |
| An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack. | ||||
| CVE-2022-46087 | 1 Cloudschool Project | 1 Cloudschool | 2025-03-28 | 5.4 Medium |
| CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A normal user can steal session cookies of the admin users through notification received by the admin user. | ||||