Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4930 | 1 Syspass | 1 Syspass | 2025-03-05 | 3.5 Low |
| A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.5 is able to address this issue. The patch is named 4da4d031732ecca67519851fd0c34597dbb8ee55. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222319. | ||||
| CVE-2023-1242 | 1 Answer | 1 Answer | 2025-03-05 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2017-20177 | 1 Wangguard Project | 1 Wangguard | 2025-03-05 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in WangGuard Plugin 1.8.0 on WordPress. Affected by this issue is the function wangguard_users_info of the file wangguard-user-info.php of the component WGG User List Handler. The manipulation of the argument userIP leads to cross site scripting. The attack may be launched remotely. The patch is identified as 88414951e30773c8d2ec13b99642688284bf3189. It is recommended to apply a patch to fix this issue. VDB-220214 is the identifier assigned to this vulnerability. | ||||
| CVE-2014-125090 | 1 Media Downloader Project | 1 Media Downloader | 2025-03-05 | 3.5 Low |
| A vulnerability was found in Media Downloader Plugin 0.1.992 on WordPress. It has been declared as problematic. This vulnerability affects the function dl_file_resumable of the file getfile.php. The manipulation of the argument file leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.1.993 is able to address this issue. The patch is identified as 77beb720c682b9300035ab5f96eee225181d8a92. It is recommended to upgrade the affected component. VDB-222262 is the identifier assigned to this vulnerability. | ||||
| CVE-2014-125092 | 1 Maxfoundry | 1 Maxbuttons | 2025-03-05 | 3.5 Low |
| A vulnerability was found in MaxButtons Plugin up to 1.26.0 on WordPress and classified as problematic. This issue affects the function maxbuttons_strip_px of the file includes/maxbuttons-button.php. The manipulation of the argument button_id leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.26.1 is able to address this issue. The patch is named e74564c9e3b7429808e317f4916bd1c26ef0b806. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222323. | ||||
| CVE-2015-10095 | 1 Woo-popup Project | 1 Woo-popup | 2025-03-05 | 3.5 Low |
| A vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2 on WordPress. This affects an unknown part of the file admin/class-woo-popup-admin.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.3.0 is able to address this issue. The patch is named 7c76ac78f3e16015991b612ff4fa616af4ce9292. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222327. | ||||
| CVE-2023-21615 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-03-05 | 5.4 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
| CVE-2023-21616 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-03-05 | 5.4 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
| CVE-2023-22252 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-03-05 | 5.4 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
| CVE-2023-22253 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-03-05 | 5.4 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
| CVE-2023-22254 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-03-05 | 5.4 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
| CVE-2023-22269 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-03-05 | 5.4 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
| CVE-2023-22249 | 1 Adobe | 2 Commerce, Magento Open Source | 2025-03-05 | 4.8 Medium |
| Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2024-53384 | 2025-03-05 | 5.1 Medium | ||
| A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components | ||||
| CVE-2023-29854 | 1 Dircms Project | 1 Dircms | 2025-03-05 | 6.1 Medium |
| DirCMS 6.0.0 has a Cross Site Scripting (XSS) vulnerability in the foreground. | ||||
| CVE-2023-26950 | 1 Onekeyadmin | 1 Onekeyadmin | 2025-03-05 | 5.4 Medium |
| onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module. | ||||
| CVE-2023-24657 | 1 Phpipam | 1 Phpipam | 2025-03-05 | 6.1 Medium |
| phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php. | ||||
| CVE-2023-24282 | 1 Poly | 2 Trio 8800, Trio 8800 Firmware | 2025-03-05 | 5.4 Medium |
| An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file. | ||||
| CVE-2023-1325 | 1 Yikesinc | 1 Easy Forms For Mailchimp | 2025-03-05 | 5.4 Medium |
| The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2014-125103 | 1 Bestwebsoft | 1 Twitter | 2025-03-05 | 2.4 Low |
| A vulnerability was found in BestWebSoft Twitter Plugin up to 1.3.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function twttr_settings_page of the file twitter.php. The manipulation of the argument twttr_url_twitter/bws_license_key/bws_license_plugin leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.7 is able to address this issue. The patch is named e04d59ab578316ffeb204cf32dc71c0d0e1ff77c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230155. | ||||