Export limit exceeded: 345093 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45446 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45446 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-45003 | 1 Arrowplugins | 1 Social Feed | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins Social Feed | Custom Feed for Social Media Networks plugin <= 2.2.0 versions. | ||||
| CVE-2023-44990 | 1 Pluginus | 1 Wolf - Wordpress Posts Bulk Editor And Products Manager Professional | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions. | ||||
| CVE-2023-44987 | 1 Gettimely | 1 Timely Booking Button | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <= 2.0.2 versions. | ||||
| CVE-2023-44986 | 1 Tychesoftwares | 1 Abandoned Cart Lite For Woocommerce | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Abandoned Cart Lite for WooCommerce plugin <= 5.15.2 versions. | ||||
| CVE-2023-44985 | 1 Cytechmobile | 1 Buddymeet | 2024-11-21 | 6.5 Medium |
| Auth. (contributo+) Stored Cross-Site Scripting (XSS) vulnerability in Cytech BuddyMeet plugin <= 2.2.0 versions. | ||||
| CVE-2023-44984 | 1 Rewweb | 1 Bbp Style Pack | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin <= 5.6.7 versions. | ||||
| CVE-2023-44954 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions. | ||||
| CVE-2023-44826 | 1 Easycorp | 1 Zentao | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script. | ||||
| CVE-2023-44813 | 1 Moosocial | 1 Moosocial | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. | ||||
| CVE-2023-44812 | 1 Moosocial | 1 Moosocial | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function. | ||||
| CVE-2023-44796 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. | ||||
| CVE-2023-44771 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 5.4 Medium |
| A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout. | ||||
| CVE-2023-44770 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 5.4 Medium |
| A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias. | ||||
| CVE-2023-44769 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 5.4 Medium |
| A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias. | ||||
| CVE-2023-44767 | 1 Ritecms | 1 Ritecms | 2024-11-21 | 4.8 Medium |
| A File upload vulnerability in RiteCMS 3.0 allows a local attacker to upload a SVG file with XSS content. | ||||
| CVE-2023-44766 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 4.8 Medium |
| A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature. | ||||
| CVE-2023-44765 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings. | ||||
| CVE-2023-44764 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings). | ||||
| CVE-2023-44762 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags. | ||||
| CVE-2023-44761 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.4 Medium |
| Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects. | ||||