CWE:
 

Topic
Date
Author
Low
Calibre-web 0.6.21 Stored XSS
17.11.2024
Pentest-Tools
Low
Booked Scheduler 2.8.5 Cross Site Scripting / Open Redirection
29.10.2024
Andrey Stoykov
Low
SofaWiki 3.9.2 Cross Site Scripting
25.10.2024
Chokri Hammedi
Low
Book Recording App 2024-09-24 Cross Site Scripting
07.10.2024
Arif Ari
Low
SeedDMS 6.0.28 Cross Site Scripting
02.10.2024
Marco Nappi
Low
Elaine's Realtime CRM Automation 6.18.17 Cross Site Scripting
26.09.2024
Haythem Arfaoui
Low
Elaine's Realtime CRM Automation 6.18.17 Cross Site Scripting
24.09.2024
Haythem Arfaoui
Low
FortiSiem 7.1.3 Stored XSS
08.09.2024
Ersin Sarisoy
Low
Helpdeskz 2.0.2 Cross Site Scripting
27.08.2024
Md. Sadikul Islam
Low
OX App Suite Frontend 7.10.6-rev44 Cross Site Scripting
26.08.2024
Martin Heiland
Low
Calibre Web 0.6.21 Cross Site Scripting
26.08.2024
Catalin Iovita
Low
WordPress Profilepro 1.3 Cross Site Scripting
14.08.2024
Vuln Seeker Cybersecur...
Low
WordPress MapFig Studio 0.2.1 Cross Site Request Forgery / Cross Site Scripting
14.08.2024
Vuln Seeker Cybersecur...
Low
WP-UserOnline 2.88.0 Stored Cross Site Scripting (XSS) (Authenticated)
08.08.2024
Onur Göğebakan
Med.
ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting
03.08.2024
OoN_Boy
Med.
Leads Manager Tool SQL Injection / Cross Site Scripting
03.08.2024
OoN_Boy
Med.
Apache mod_proxy_cluster Stored XSS
16.07.2024
Anonymous
Low
iMLog < 1.307 Persistent Cross Site Scripting (XSS)
16.07.2024
Gabriel Felipe
Low
LumisXP 16.1.x Cross Site Scripting
11.07.2024
Rodolfo Tavares
Low
WordPress Photo Gallery 1.8.26 Cross Site Scripting
10.07.2024
tmrswrr
Low
ResidenceCMS 2.10.1 Cross Site Scripting
09.07.2024
Jeremia Geraldi Sihomb...
Low
Customer Support System 1.0 Stored XSS
02.07.2024
Geraldo Alcantara
Low
WordPress WPCode Lite 2.1.14 Cross Site Scripting
02.07.2024
tmrswrr
Low
WordPress FooGallery 2.4.16 Cross Site Scripting
02.07.2024
tmrswrr
Low
WordPress Gallery 2.3.6 Cross Site Scripting
02.07.2024
tmrswrr
Low
Automad 2.0.0-alpha.4 Cross Site Scripting
26.06.2024
Jerry Thomas
Low
Flatboard 3.2 Cross Site Scripting
24.06.2024
tmrswrr
Low
XMB 1.9.12.06 Cross Site Scripting
18.06.2024
Chokri Hammedi
Low
Premium Support Tickets For WHMCS 1.2.10 Cross Site Scripting
15.06.2024
Sajibe Kanti
Low
AEGON LIFE 1.0 Cross Site Scripting
15.06.2024
Aslam Anwar Mahimkar
Med.
Kiuwan Local Analyzer / SAST / SaaS XML Injection / XSS / IDOR
10.06.2024
C. Schwarz
Med.
SEH utnserver Pro/ProMAX / INU-100 20.1.22 XSS / DoS / File Disclosure
10.06.2024
T. Weber
Low
Sitefinity 15.0 Cross Site Scripting
04.06.2024
Aldi Saputra Wahyudi
Low
iMLog Cross Site Scripting
02.06.2024
Gabriel Felipe
Low
ORing IAP-420 2.01e Cross Site Scripting / Command Injection
02.06.2024
T. Weber
Med.
HAWKI 1.0.0-beta.1 XSS / File Overwrite / Session Fixation
29.05.2024
Thorger Jansen
High
NorthStar C2 Cross Site Scripting / Code Execution
28.05.2024
h00die
Low
Jcow Social Network Cross Site Scripting
24.05.2024
tmrswrr
High
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution
22.05.2024
h00die
Low
Rocket LMS 1.9 Cross Site Scripting
22.05.2024
Sergio Medeiros
Low
Nethserver 7 / 8 Cross Site Scripting
22.05.2024
Andrea Intilangelo
Low
Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting
19.05.2024
malvuln
Low
Panel.SmokeLoader MVID-2024-0681 Cross Site Scripting
19.05.2024
malvuln
Low
Chyrp 2.5.2 Cross Site Scripting
14.05.2024
Ahmet Umit Bayram
Low
Apache mod_proxy_cluster Cross Site Scripting
14.05.2024
Mohamed Mounir Boudjem...
Low
Leafpub 1.1.9 Cross Site Scripting
14.05.2024
Ahmet Umit Bayram
Low
Esteghlal F.C. Cross Site Scripting
13.05.2024
E1.Coders
Low
Panel Amadey.d.c MVID-2024-0680 Cross Site Scripting
11.05.2024
malvuln
Low
SOPlanning 1.52.00 Cross Site Scripting
04.05.2024
liquidsky
Low
Doctor Appointment Management System 1.0 Cross Site Scripting
01.05.2024
SoSPiro
Low
Wordpress Plugin Alemha Watermarker 1.3.1 Stored Cross-Site Scripting (XSS)
21.04.2024
Erdemstar
Low
Wordpress Plugin Playlist for Youtube 1.32 Stored Cross-Site Scripting (XSS)
14.04.2024
Erdemstar
Low
Blood Bank v1.0 Stored Cross Site Scripting (XSS)
14.04.2024
Ersin Erenler
Med.
OX App Suite 7.10.6 Cross Site Scripting / Deserialization Issue
11.04.2024
Martin Heiland
Low
Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect
11.04.2024
Andrey Stoykov
Low
HTMLy 2.9.6 Cross Site Scripting
08.04.2024
tmrswrr
Low
DerbyNet 9.0 render-document.php Cross Site Scripting
08.04.2024
Valentin Lobstein
Low
Seo Panel 4.7.0 Cross Site Scripting
06.04.2024
Arzu Demirez
Low
Workout Journal App 1.0 Cross Site Scripting
01.04.2024
MURAT CAGRI ALIS
Low
ARIS: Business Process Management 10.0.21.0 Cross Site Scripting
01.04.2024
Seid Yassin
Low
Bludit 3.13.0 Cross Site Scripting
26.03.2024
Gokhan Sensukur
Med.
Insurance Management System PHP And MySQL 1.0 Cross Site Scripting
26.03.2024
Hakki Toklu
Low
LimeSurvey Community 5.3.32 Cross Site Scripting
26.03.2024
Subhankar Singh
Low
Backdrop CMS 1.23.0 Cross Site Scripting
20.03.2024
Sinem Sahin
Low
Financials By Coda Cross Site Scripting
16.03.2024
Leo Draghi
Low
SnipeIT 6.2.1 Stored Cross Site Scripting
13.03.2024
Shahzaib Ali Khan
Low
FullCourt Enterprise 8.2 Cross Site Scripting
09.03.2024
Omar Sabagh
Med.
WordPress IDonate Blood Request Management System 1.8.1 Cross Site Scripting
29.02.2024
Laburity Research Team
Low
SitePad 1.8.2 Cross Site Scripting
22.02.2024
tmrswrr
Med.
OpenOLAT 18.1.5 Cross Site Scripting / Privilege Escalation
22.02.2024
Johannes Volpel
Low
SPA-CART CMS - Stored XSS
20.02.2024
Eren Sen
Med.
WonderCMS 4.3.2 Cross Site Scripting / Remote Code Execution
20.02.2024
prodigiousMind
Low
InstantCMS 2.16.1 Cross Site Scripting
20.02.2024
SoSPiro
Low
Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting
20.02.2024
Eren Sen
Low
Statamic CMS Cross Site Scripting
18.02.2024
Niklas Schilling
High
Adapt CMS 3.0.3 Cross Site Scripting / Shell Upload
15.02.2024
Andrey Stoykov
Low
Wordpress simple urls Plugin < 115 XSS
15.02.2024
AmirZargham
Low
Advanced Page Visit Counter 1.0 Cross Site Scripting
10.02.2024
Furkan Ozer
Low
GYM MS 1.0 Cross Site Scripting
07.02.2024
yozgatalperen1
Low
WhatsUp Gold 2022 (22.1.0 Build 39) XSS
06.02.2024
Andreas Finstad
Low
WhatsUp Gold 2022 22.1.0 Build 39 Cross Site Scripting
06.02.2024
Andreas Finstad
Low
MISP 2.4.171 Cross Site Scripting
06.02.2024
Mucahit Ceri
Med.
WordPress POST SMTP Mailer 2.8.7 Authorization Bypass / Cross Site Scripting
13.01.2024
Ulyses Saicha
Low
PHPJabbers Cleaning Business Software 1.0 Cross Site Scripting
11.01.2024
Rahad Chowdhury
Low
PHPJabbers Event Ticketing System 1.0 Cross Site Scripting / HTML Injection
11.01.2024
Rahad Chowdhury
Low
PHPJabbers Shared Asset Booking System 1.0 Cross Site Scripting
11.01.2024
Rahad Chowdhury
Low
iGalerie 3.0.22 Cross Site Scripting
10.01.2024
tmrswrr
Low
WebCalendar 1.3.0 Cross Site Scripting
03.01.2024
tmrswrr
Low
WhatACart 2.0.7 Cross Site Scripting
27.12.2023
tmrswrr
Low
ShopSite 14.0 Cross Site Scripting
26.12.2023
tmrswrr
Low
GaatiTrack Courier Management System 1.0 Cross Site Scripting
20.11.2023
Rahad Chowdhury
Low
Shuttle Booking Software 2.0 Cross Site Scripting
20.11.2023
Rahad Chowdhury
Low
Moodle 4.3 Cross Site Scripting
23.10.2023
tmrswrr
Med.
WordPress Core 6.3.1 XSS / DoS / Arbitrary Shortcode Execution
13.10.2023
James Golovich
Low
WordPress Sonaar Music 4.7 Cross Site Scripting
10.10.2023
Furkan Karaarslan
Low
WordPress KiviCare 3.2.0 Cross Site Scripting
05.10.2023
Arvandy
Med.
SAP Enable Now Manager 10.6.5 Build 2804 Cloud Edition CSRF / XSS / Redirect
03.10.2023
Fabian Hagg
Low
openVIVA c2 20220101 Cross Site Scripting
03.10.2023
Daniel Hirschberger
Low
WordPress Contact Form Generator 2.5.5 Cross Site Scripting
03.10.2023
Arvandy
Med.
OPNsense 23.1.11_1 / 23.7.3 / 23.7.4 Cross Site Scripting / Privilege Escalation
25.09.2023
Yasar Klawohn


CVEMAP Search Results

CVE
Details
Description
2024-10-22
Waiting for details
CVE-2024-9590

Updating...
 

 
The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image meta field value in the 'wpaft_add_meta_textinput' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

 
Waiting for details
CVE-2024-9589

Updating...
 

 
The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'new_meta_name' parameter in the 'wpaft_option_page' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with administrator-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

 
Waiting for details
CVE-2024-9231

Updating...
 

 
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

 
Waiting for details
CVE-2024-10189

Updating...
 

 
The Anchor Episodes Index (Spotify for Podcasters) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's anchor_episodes shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

 
Waiting for details
CVE-2024-10234

Updating...
 

 
A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.

 
Waiting for details
CVE-2024-47819

Updating...
 

 
Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content. Versions 14.3.1 and 15.0.0 contain a patch. As a workaround, ensure that access to the Dictionary section is only granted to trusted users.

 
2024-10-21
Waiting for details
CVE-2024-10198

Updating...
 

 
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /manage_customer.php of the component Manage Customer Page. The manipulation of the argument suppliers_name/address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting files to be affected. Other parameters might be affected as well.

 
Waiting for details
CVE-2024-10197

Updating...
 

 
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /manage_supplier.php of the component Manage Supplier Page. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

 
2024-10-20
Waiting for details
CVE-2024-49631

Updating...
 

 
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Md Abdul Kader Easy Addons for Elementor allows Stored XSS.This issue affects Easy Addons for Elementor: from n/a through 1.3.0.

 
Waiting for details
CVE-2024-49630

Updating...
 

 
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HT Plugins WP Education allows Stored XSS.This issue affects WP Education: from n/a through 1.2.8.

 

 


Copyright 2024, cxsecurity.com

 

Back to Top