Export limit exceeded: 23274 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45577 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45577 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47549 | 1 Spider-themes | 1 Eazydocs | 2025-01-07 | 6.8 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability on 302 response page in spider-themes EazyDocs plugin <= 2.3.3 versions. | ||||
| CVE-2023-47547 | 1 Wpfactory | 1 Products\, Order \& Customers Export For Woocommerce | 2025-01-07 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory Products, Order & Customers Export for WooCommerce plugin <= 2.0.7 versions. | ||||
| CVE-2023-47546 | 1 Walterpinem | 1 Oneclick Chat To Order | 2025-01-07 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Walter Pinem OneClick Chat to Order plugin <= 1.0.4.2 versions. | ||||
| CVE-2023-47545 | 1 Fatcatapps | 1 Forms For Mailchimp By Optin Cat | 2025-01-07 | 5.9 Medium |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin <= 2.5.4 versions. | ||||
| CVE-2023-47533 | 1 Wpdevart | 1 Countdown And Countup\, Woocommerce Sales Timer | 2025-01-07 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Countdown and CountUp, WooCommerce Sales Timer plugin <= 1.8.2 versions. | ||||
| CVE-2023-47532 | 1 Themeum | 1 Wp Crowdfunding | 2025-01-07 | 5.8 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themeum WP Crowdfunding plugin <= 2.1.6 versions. | ||||
| CVE-2023-47528 | 1 Sajjad67 | 1 Wp Edit Username | 2025-01-07 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sajjad Hossain Sagor WP Edit Username plugin <= 1.0.5 versions. | ||||
| CVE-2023-47524 | 1 Codebard | 1 Patron Button And Widgets For Patreon | 2025-01-07 | 5.8 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability (requires PHP 8.x) in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.9 versions. | ||||
| CVE-2023-47522 | 1 Photofeed | 1 Photo Feed | 2025-01-07 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Feed plugin <= 2.2.1 versions. | ||||
| CVE-2024-12841 | 1 Emlog | 1 Emlog | 2025-01-07 | 4.3 Medium |
| A vulnerability was found in Emlog Pro up to 2.4.1. It has been classified as problematic. This affects an unknown part of the file /admin/tag.php. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-12843 | 1 Emlog | 1 Emlog | 2025-01-07 | 4.3 Medium |
| A vulnerability was found in Emlog Pro up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/plugin.php. The manipulation of the argument filter leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-12844 | 1 Emlog | 1 Emlog | 2025-01-07 | 4.3 Medium |
| A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.1. Affected is an unknown function of the file /admin/store.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-12845 | 1 Emlog | 1 Emlog | 2025-01-07 | 3.5 Low |
| A vulnerability classified as problematic was found in Emlog Pro up to 2.4.1. Affected by this vulnerability is an unknown functionality in the library /include/lib/common.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-33977 | 1 Kiwitcms | 1 Kiwi Tcms | 2025-01-07 | 8.1 High |
| Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded and Content-Security-Policy definition to prevent cross-site-scripting attacks. The upload validation checks were not 100% robust which left the possibility to circumvent them and upload a potentially dangerous file which allows execution of arbitrary JavaScript in the browser. Additionally we've discovered that Nginx's `proxy_pass` directive will strip some headers negating protections built into Kiwi TCMS when served behind a reverse proxy. This issue has been addressed in version 12.4. Users are advised to upgrade. Users unable to upgrade who are serving Kiwi TCMS behind a reverse proxy should make sure that additional header values are still passed to the client browser. If they aren't redefining them inside the proxy configuration. | ||||
| CVE-2023-2442 | 1 Gitlab | 1 Gitlab | 2025-01-07 | 8.7 High |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A specially crafted merge request could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims. | ||||
| CVE-2023-2015 | 1 Gitlab | 1 Gitlab | 2025-01-07 | 4.4 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A reflected XSS was possible when creating new abuse reports which allows attackers to perform arbitrary actions on behalf of victims. | ||||
| CVE-2024-52000 | 1 Combodo | 1 Itop | 2025-01-07 | 6.1 Medium |
| Combodo iTop is a simple, web based IT Service Management tool. Affected versions are subject to a reflected Cross-site Scripting (XSS) exploit by way of editing a request's payload which can lead to malicious javascript execution. This issue has been addressed in version 3.2.0 via systematic escaping of error messages when rendering on the page. All users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-45073 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Websphere Application Server and 4 more | 2025-01-07 | 4.8 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2023-34961 | 1 Chamilo | 1 Chamilo Lms | 2025-01-06 | 6.1 Medium |
| Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field. | ||||
| CVE-2023-32751 | 1 Pydio | 1 Cells | 2025-01-06 | 5.4 Medium |
| Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript [1]. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it is possible to generate valid signatures for arbitrary download URLs. By uploading an HTML file and modifying the download URL to serve the file inline instead of as an attachment, any included JavaScript code is executed when the URL is opened in a browser, leading to a cross-site scripting vulnerability. | ||||