Total: 34410 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-0172 | 1 Saas.group | 1 Juicer | 2025-02-27 | 5.4 Medium |
The Juicer WordPress plugin before 1.11 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
CVE-2023-0073 | 1 Client Logo Carousel Project | 1 Client Logo Carousel | 2025-02-27 | 5.4 Medium |
The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
CVE-2022-4661 | 1 Themelocation | 1 Widgets For Woocommerce Products On Elementor | 2025-02-27 | 5.4 Medium |
The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
CVE-2022-4466 | 1 Connekthq | 1 Ajax Load More | 2025-02-27 | 5.4 Medium |
The WordPress Infinite Scroll WordPress plugin before 5.6.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
CVE-2023-0219 | 1 Wpmanageninja | 1 Fluentsmtp | 2025-02-27 | 5.4 Medium |
The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks (XSS) when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML. | ||||
CVE-2024-3793 | 1 Whitebearsolutions | 1 Wbsairback | 2025-02-27 | 4.8 Medium |
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/CloudAccounts, account name / user password / server fields, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data. | ||||
CVE-2024-3794 | 1 Whitebearsolutions | 1 Wbsairback | 2025-02-27 | 4.8 Medium |
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/AdvancedSystem, description field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data. | ||||
CVE-2024-3790 | 1 Whitebearsolutions | 1 Wbsairback | 2025-02-27 | 4.8 Medium |
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemUsers, login / description fields, passwd1 / passwd2 parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data. | ||||
CVE-2024-3791 | 1 Whitebearsolutions | 1 Wbsairback | 2025-02-27 | 4.8 Medium |
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemConfiguration, name / free memory limit fields, type / password parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data. | ||||
CVE-2024-3792 | 1 Whitebearsolutions | 1 Wbsairback | 2025-02-27 | 4.8 Medium |
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/DeviceReplication, execution range field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data. | ||||
CVE-2024-3795 | 1 Whitebearsolutions | 1 Wbsairback | 2025-02-27 | 4.8 Medium |
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupTemplate, name / description fields. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data. | ||||
CVE-2024-3796 | 1 Whitebearsolutions | 1 Wbsairback | 2025-02-27 | 4.8 Medium |
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupSchedule, description field. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data. | ||||
CVE-2023-24279 | 1 Opennetworking | 1 Onos | 2025-02-27 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard. | ||||
CVE-2023-25593 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-02-27 | 7.1 High |
Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | ||||
CVE-2023-25592 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-02-27 | 7.1 High |
Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | ||||
CVE-2025-20116 | | | 2025-02-27 | 4.8 Medium |
A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by injecting malicious code into specific pages of the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web UI or access sensitive, browser-based information. | ||||
CVE-2023-26457 | 1 Sap | 1 Content Server | 2025-02-27 | 6.1 Medium |
SAP Content Server - version 7.53, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can read and modify some sensitive information but cannot delete the data. | ||||
CVE-2024-30427 | 1 Spiffyplugins | 1 Spiffy Calendar | 2025-02-27 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS. This issue affects Spiffy Calendar: from n/a through 4.9.7. | ||||
CVE-2024-30428 | 1 Contest-gallery | 1 Contest Gallery | 2025-02-27 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contest Gallery allows Reflected XSS. This issue affects Contest Gallery: from n/a through 21.3.5. | ||||
CVE-2024-30430 | 1 Wpmanageninja | 1 Fluentcrm | 2025-02-27 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Email Newsletter Team - FluentCRM Fluent CRM allows Stored XSS. This issue affects Fluent CRM: from n/a through 2.8.44. |