CWE-79 CVEs and Security Vulnerabilities

Filtered by CWE-79

Search

Switch to Advanced Search (Beta)

Total 34410 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-33978	1 Fontmeister Project	1 Fontmeister	2025-02-20	6.1 Medium
Reflected Cross-Site Scripting (XSS) vulnerability FontMeister plugin <= 1.08 at WordPress.
CVE-2021-36899	1 Asset Cleanup\	1 Page Speed Booster Project	2025-02-20	4.8 Medium
Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress.
CVE-2022-26375	1 Abpressoptimizer	1 Ab Press Optimizer	2025-02-20	4.8 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology AB Press Optimizer plugin <= 1.1.1 on WordPress.
CVE-2022-41638	1 Chop-chop	1 Pop-up Chop Chop	2025-02-20	5.4 Medium
Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin <= 2.1.7 on WordPress.
CVE-2022-40311	1 Fatcatapps	1 Analytics Cat	2025-02-20	4.8 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress.
CVE-2021-36858	1 Themepoints	1 Testimonials	2025-02-20	4.8 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themepoints Testimonials plugin <= 2.6 on WordPress.
CVE-2021-36863	1 Expresstech	1 Quiz And Survey Master	2025-02-20	5.4 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.
CVE-2021-36864	1 Expresstech	1 Quiz And Survey Master	2025-02-20	3.4 Low
Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.
CVE-2022-44576	1 Agenteasy Properties Project	1 Agenteasy Properties	2025-02-20	4.8 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in AgentEasy Properties plugin <= 1.0.4 on WordPress.
CVE-2022-44586	1 Am-hili Project	1 Am-hili	2025-02-20	4.8 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub Media AM-HiLi plugin <= 1.0 on WordPress.
CVE-2022-36428	1 Rockcontent	1 Rock Convert	2025-02-20	4.8 Medium
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Stage Rock Convert plugin <= 2.11.0 on WordPress.
CVE-2022-44628	1 Jumpdemand	1 4ecps Web Forms	2025-02-20	4.8 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin <= 0.2.17 on WordPress.
CVE-2022-30545	1 5-anker	1 5 Anker Connect	2025-02-20	4.8 Medium
Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Connect plugin <= 1.2.6 on WordPress.
CVE-2022-36357	1 Webpsilon	1 Ultimate Tables	2025-02-20	6.1 Medium
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webpsilon ULTIMATE TABLES plugin <= 1.6.5 versions.
CVE-2024-4036	1 Athemes	1 Sydney Toolbox	2025-02-20	6.4 Medium
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-2958	1 Svs-websoft	1 Svs Pricing Tables	2025-02-20	4.4 Medium
The SVS Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via pricing table settings in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVE-2024-2779	1 Campcodes	1 Online Marriage Registration System	2025-02-20	3.5 Low
A vulnerability was found in Campcodes Online Marriage Registration System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257613 was assigned to this vulnerability.
CVE-2024-2780	1 Campcodes	1 Online Marriage Registration System	2025-02-20	3.5 Low
A vulnerability was found in Campcodes Online Marriage Registration System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257614 is the identifier assigned to this vulnerability.
CVE-2023-43614	1 Welcart	1 Welcart E-commerce	2025-02-20	6.1 Medium
Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
CVE-2016-4826	1 Welcart	1 Welcart E-commerce	2025-02-20	6.1 Medium
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827.

« first previous Page 103 of 1721. next last »