Export limit exceeded: 347095 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45631 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45631 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2832 | 1 Campcodes | 1 Online Shopping System | 2025-02-20 | 3.5 Low |
| A vulnerability classified as problematic was found in Campcodes Online Shopping System 1.0. This vulnerability affects unknown code of the file /offersmail.php. The manipulation of the argument email leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257752. | ||||
| CVE-2025-24012 | 1 Umbraco | 1 Umbraco Cms | 2025-02-20 | 4.6 Medium |
| Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 contain a patch. | ||||
| CVE-2024-52295 | 1 Dataease | 1 Dataease | 2025-02-20 | 9.8 Critical |
| DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over services. The JWT secret is hardcoded in the code, and the UID and OID are hardcoded. The vulnerability has been fixed in v2.10.2. | ||||
| CVE-2024-13570 | 1 Unalignedcode | 1 Stray Random Quotes | 2025-02-20 | 6.1 Medium |
| The Stray Random Quotes WordPress plugin through 1.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-13543 | 1 Amini7 | 1 Zarinpal Paid Download | 2025-02-20 | 6.1 Medium |
| The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2023-46626 | 1 Flowfact | 1 Flowfact | 2025-02-19 | 6.1 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FLOWFACT WP Connector plugin <= 2.1.7 versions. | ||||
| CVE-2023-27242 | 1 Razormist | 1 Loan Management System | 2025-02-19 | 5.4 Medium |
| SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module. | ||||
| CVE-2022-38467 | 1 Crmperks | 1 Crm Perks Forms | 2025-02-19 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver. | ||||
| CVE-2022-47171 | 1 Ip Vault - Wp Firewall Project | 1 Ip Vault - Wp Firewall | 2025-02-19 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul C. Schroeder IP Vault – WP Firewall plugin <= 1.1 versions. | ||||
| CVE-2022-34148 | 1 Jetbackup | 1 Jetbackup | 2025-02-19 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JetBackup JetBackup – WP Backup, Migrate & Restore plugin <= 1.6.9.0 versions. | ||||
| CVE-2022-45814 | 1 Wp Calendar Project | 1 Wp Calendar | 2025-02-19 | 5.4 Medium |
| Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen WP Calendar plugin <= 1.5.3 versions. | ||||
| CVE-2023-25064 | 1 Wp Htpasswd Project | 1 Wp Htpasswd | 2025-02-19 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matteo Candura WP htpasswd plugin <= 1.7 versions. | ||||
| CVE-2023-22679 | 1 Wp Better Emails Project | 1 Wp Better Emails | 2025-02-19 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nicolas Lemoine WP Better Emails plugin <= 0.4 versions. | ||||
| CVE-2022-41831 | 1 Wp Glossary Project | 1 Wp Glossary | 2025-02-19 | 5.4 Medium |
| Auth. (contributor+) Cross-Site Scripting vulnerability in TCBarrett WP Glossary plugin <= 3.1.2 versions. | ||||
| CVE-2023-22715 | 1 Wp-commentnavi Project | 1 Wp-commentnavi | 2025-02-19 | 5.9 Medium |
| Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Lester 'GaMerZ' Chan WP-CommentNavi plugin <= 1.12.1 versions. | ||||
| CVE-2023-23728 | 1 Winwar | 1 Wp Flipclock | 2025-02-19 | 6.5 Medium |
| Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Flipclock plugin <= 1.7.4 versions. | ||||
| CVE-2023-23722 | 1 Winwar | 1 Wp Ebay Product Feeds | 2025-02-19 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP eBay Product Feeds plugin <= 3.3.1 versions. | ||||
| CVE-2022-47145 | 1 Blockonomics | 1 Blockonomics | 2025-02-19 | 7.1 High |
| Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments – Blockonomics plugin <= 3.5.7 versions. | ||||
| CVE-2023-26008 | 1 Top 10 - Popular Posts Project | 1 Top 10 - Popular Posts | 2025-02-19 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay D'Souza Top 10 – Popular posts plugin for WordPress plugin <= 3.2.4 versions. | ||||
| CVE-2022-46848 | 1 Themeisle | 1 Visualizer | 2025-02-19 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.1 versions. | ||||