Filtered by CWE-79
Total 45271 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-1241 1 Answer 1 Answer 2025-03-06 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-25807 1 Dataease 1 Dataease 2025-03-06 7.2 High
DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses the dashboard. The vulnerability has been fixed in version 1.18.3.
CVE-2023-1181 1 Easyimages2.0 Project 1 Easyimages2.0 2025-03-06 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyimages2.0 prior to 2.6.7.
CVE-2023-22838 1 Ec-cube 1 Ec-cube 2025-03-06 5.4 Medium
Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.
CVE-2023-25077 1 Ec-cube 1 Ec-cube 2025-03-06 5.4 Medium
Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.
CVE-2023-27641 1 Lsoft 1 Listserv 2025-03-06 6.1 Medium
The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL.
CVE-2021-35377 1 Vicidial 1 Vicidial 2025-03-06 6.1 Medium
Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters.
CVE-2023-0212 1 Advanced Recent Posts Project 1 Advanced Recent Posts 2025-03-06 5.4 Medium
The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0165 1 Nicdark 1 Cost Calculator 2025-03-06 5.4 Medium
The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0068 1 Product Gtin \(ean\, Upc\, Isbn\) For Woocommerce Project 1 Product Gtin \(ean\, Upc\, Isbn\) For Woocommerce 2025-03-06 5.4 Medium
The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0064 1 Eaglevisionit 1 Evision Responsive Column Layout Shortcodes 2025-03-06 5.4 Medium
The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0063 1 Synved 1 Wordpress Shortcodes 2025-03-06 5.4 Medium
The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0377 1 Robincornett 1 Scriptless Social Sharing 2025-03-06 5.4 Medium
The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0065 1 I2 Pros \& Cons Project 1 I2 Pros \& Cons 2025-03-06 5.4 Medium
The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-1237 1 Answer 1 Answer 2025-03-06 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-1238 1 Answer 1 Answer 2025-03-06 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-1239 1 Answer 1 Answer 2025-03-06 4.8 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-1243 1 Answer 1 Answer 2025-03-06 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-1244 1 Answer 1 Answer 2025-03-06 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-1245 1 Answer 1 Answer 2025-03-06 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.