Export limit exceeded: 346948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45610 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-9522 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Qr Code | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) QR Code extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9523 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Recommended Products | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Recommended Products extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9524 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Recount Earnings | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Recount Earnings extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9525 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Recurring Payments | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9526 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Reviews | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Reviews extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9527 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Simple Shipping | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Simple Shipping extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9528 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Software Licensing | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Software Licensing extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9530 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Upload File | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Upload File extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9531 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Wish Lists | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Wish Lists extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9532 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Digital Store | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Digital Store theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9533 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Lattice | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Lattice theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9534 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Quota | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Quota theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9535 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Shoppette | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Shoppette theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9536 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Twenty-twelve | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Twenty-Twelve theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2014-125098 | 1 Dart | 1 Http Server | 2025-02-07 | 4.3 Medium |
| A vulnerability was found in Dart http_server up to 0.9.5 and classified as problematic. Affected by this issue is the function VirtualDirectory of the file lib/src/virtual_directory.dart of the component Directory Listing Handler. The manipulation of the argument request.uri.path leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.9.6 is able to address this issue. The name of the patch is 27c1cbd8125bb0369e675eb72e48218496e48ffb. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225356. | ||||
| CVE-2023-27499 | 1 Sap | 2 Netweaver, Netweaver Application Server Abap | 2025-02-07 | 6.1 Medium |
| SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure the victim to click, the script supplied by the attacker will execute in the victim user's browser. The information from the victim's web browser can either be modified or read and sent to the attacker. | ||||
| CVE-2023-30520 | 1 Jenkins | 1 Quay.io Trigger | 2025-02-07 | 5.4 Medium |
| Jenkins Quay.io trigger Plugin 0.1 and earlier does not limit URL schemes for repository homepage URLs submitted via Quay.io trigger webhooks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Quay.io trigger webhook payloads. | ||||
| CVE-2024-29115 | 1 Zaytech | 1 Smart Online Order For Clover | 2025-02-07 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zaytech Smart Online Order for Clover allows Stored XSS.This issue affects Smart Online Order for Clover: from n/a through 1.5.5. | ||||
| CVE-2023-29110 | 1 Sap | 4 Abap Platform, Application Interface Framework, Basis and 1 more | 2025-02-07 | 3.7 Low |
| The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. An authorized attacker can use some of the basic HTML codes such as heading, basic formatting and lists, then an attacker can inject images from the foreign domains. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application. | ||||
| CVE-2023-29112 | 1 Sap | 1 Application Interface | 2025-02-07 | 3.7 Low |
| The SAP Application Interface (Message Monitoring) - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application. | ||||