Export limit exceeded: 344217 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344217 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45347 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45347 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32797 | 1 I13websolution | 1 Video Carousel Slider With Lightbox | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin <= 1.0.22 versions. | ||||
| CVE-2023-32796 | 1 Mingocommerce | 1 Woocommerce Product Enquiry | 2024-11-21 | 7.1 High |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in MingoCommerce WooCommerce Product Enquiry plugin <= 2.3.4 versions. | ||||
| CVE-2023-32793 | 1 Woocommerce | 1 Woocommerce Pre-orders | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions. | ||||
| CVE-2023-32790 | 1 Nxlog | 1 Nxlog Manager | 2024-11-21 | 4.6 Medium |
| Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sanitization of the input parameter. | ||||
| CVE-2023-32746 | 1 Woocommerce | 1 Woocommerce Brands | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions. | ||||
| CVE-2023-32740 | 1 Kunalnagar | 1 Custom 404 Pro | 2024-11-21 | 5.8 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.8.1 versions. | ||||
| CVE-2023-32738 | 1 Xtendify | 1 Eonet Manual User Approve | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alkaweb Eonet Manual User Approve plugin <= 2.1.3 versions. | ||||
| CVE-2023-32693 | 1 Decidim | 1 Decidim | 2024-11-21 | 8.1 High |
| Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.7. | ||||
| CVE-2023-32671 | 1 Buddyboss | 1 Buddyboss | 2024-11-21 | 6.3 Medium |
| A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious javascript payload via POST request when sending an invitation. | ||||
| CVE-2023-32670 | 1 Buddyboss | 1 Buddyboss | 2024-11-21 | 9 Critical |
| Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version , which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is loaded. | ||||
| CVE-2023-32652 | 1 Piigab | 2 M-bus 900s, M-bus 900s Firmware | 2024-11-21 | 8 High |
| PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks. | ||||
| CVE-2023-32619 | 1 Tp-link | 4 Archer C50 V3, Archer C50 V3 Firmware, Archer C55 and 1 more | 2024-11-21 | 8.8 High |
| Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command. | ||||
| CVE-2023-32603 | 1 Rednao | 1 Smart Donations | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy – Smart Donations plugin <= 4.0.12 versions. | ||||
| CVE-2023-32600 | 1 Rankmath | 1 Seo | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions. | ||||
| CVE-2023-32598 | 1 Shooflysolutions | 1 Featured Image Pro Post Grid | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in A. R. Jones Featured Image Pro Post Grid plugin <= 5.14 versions. | ||||
| CVE-2023-32597 | 1 I13websolution | 1 Video Gallery | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Gallery plugin <= 1.0.10 versions. | ||||
| CVE-2023-32596 | 1 Wolfgangertl | 1 Weebotlite | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wolfgang Ertl weebotLite plugin <= 1.0.0 versions. | ||||
| CVE-2023-32595 | 1 Palasthotel | 1 Sunny Search | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <= 1.0.2 versions. | ||||
| CVE-2023-32591 | 1 Cloudprimero | 1 Dbargain | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cloud Primero B.V DBargain plugin <= 3.0.0 versions. | ||||
| CVE-2023-32584 | 1 Ebecas | 1 Ebecas | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in John Newcombe eBecas plugin <= 3.1.3 versions. | ||||