Search Results (45581 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0152 | 1 Wpexperts | 1 Wp Multi Store Locator | 2025-01-08 | 5.4 Medium |
| The WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-31889 | 1 Ibm | 1 Planning Analytics Local | 2025-01-08 | 5.4 Medium |
| IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 288136. | ||||
| CVE-2024-31907 | 1 Ibm | 1 Planning Analytics Local | 2025-01-08 | 5.4 Medium |
| IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289889. | ||||
| CVE-2024-31908 | 1 Ibm | 1 Planning Analytics Local | 2025-01-08 | 6.4 Medium |
| IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289890. | ||||
| CVE-2023-47657 | 1 Grandplugins | 1 Woo Quick View And Buy Now | 2025-01-08 | 5.9 Medium |
| Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability in GrandPlugins Direct Checkout – Quick View – Buy Now For WooCommerce plugin <= 1.5.8 versions. | ||||
| CVE-2024-31236 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-01-08 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a through 1.3.93. | ||||
| CVE-2024-30442 | 1 Bold-themes | 1 Bold Page Builder | 2025-01-08 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 4.8.0. | ||||
| CVE-2024-30179 | 1 Bold-themes | 1 Bold Page Builder | 2025-01-08 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 4.7.6. | ||||
| CVE-2024-29108 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-08 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS. This issue affects Happy Addons for Elementor: from n/a through 3.10.1. | ||||
| CVE-2024-29170 | 1 Dell | 1 Powerscale Onefs | 2025-01-08 | 8.1 High |
| Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard coded credentials vulnerability. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure of network traffic and denial of service. | ||||
| CVE-2024-28237 | 1 Octoprint | 1 Octoprint | 2025-01-08 | 4 Medium |
| OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through the "Test" button included in the web interface will execute JavaScript code in the victim's browser when attempting to render the snapshot image. An attacker who successfully talked a victim with admin rights into performing a snapshot test with such a crafted URL could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The vulnerability is patched in version 1.10.0rc3. OctoPrint administrators are strongly advised to thoroughly vet who has admin access to their installation and what settings they modify based on instructions by strangers. | ||||
| CVE-2023-46099 | 1 Siemens | 1 Simatic Pcs Neo | 2025-01-08 | 5.4 Medium |
| A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject JavaScript code into the application that is later executed by another legitimate user. | ||||
| CVE-2023-6128 | 1 Salesagility | 1 Suitecrm | 2025-01-08 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | ||||
| CVE-2023-47660 | 1 Wpwham | 1 Product Visibility By Country For Woocommerce | 2025-01-08 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Wham Product Visibility by Country for WooCommerce plugin <= 1.4.9 versions. | ||||
| CVE-2023-47659 | 1 Lava-code | 1 Lava Directory Manager | 2025-01-08 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions. | ||||
| CVE-2023-33969 | 1 Kanboard | 1 Kanboard | 2025-01-08 | 6.4 Medium |
| Kanboard is open source project management software that focuses on the Kanban methodology. A stored cross-site scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript, and any user who views the task containing the malicious code will be exposed to the XSS attack. Note: The default CSP header configuration blocks this JavaScript attack. This issue has been addressed in version 1.2.30. Users are advised to upgrade. Users unable to upgrade should ensure that they have a restrictive CSP header config. | ||||
| CVE-2023-34103 | 1 Avohq | 1 Avo | 2025-01-08 | 7.3 High |
| Avo is an open source Ruby on Rails admin panel creation framework. In affected versions some Avo fields are vulnerable to Cross Site Scripting (XSS) when rendering HTML-based content. Attackers do need form edit privilege in order to successfully exploit this vulnerability, but the results are stored and no specific timing is required. This issue has been addressed in commit `7891c01e` which is expected to be included in the next release of Avo. Users are advised to configure CSP headers for their application and to limit untrusted user access as a mitigation. | ||||
| CVE-2023-47658 | 1 Actpro | 1 Extra Product Options For Woocommerce | 2025-01-07 | 5.9 Medium |
| Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability in actpro Extra Product Options for WooCommerce plugin <= 3.0.3 versions. | ||||
| CVE-2023-47656 | 1 Marcomilesi | 1 Anac Xml Bandi Di Gara | 2025-01-07 | 5.9 Medium |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi ANAC XML Bandi di Gara plugin <= 7.5 versions. | ||||
| CVE-2023-47654 | 1 Livescore | 1 Bzscore | 2025-01-07 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in livescore.Bz BZScore – Live Score plugin <= 1.03 versions. | ||||