Total
45271 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1241 | 1 Answer | 1 Answer | 2025-03-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-25807 | 1 Dataease | 1 Dataease | 2025-03-06 | 7.2 High |
| DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses the dashboard. The vulnerability has been fixed in version 1.18.3. | ||||
| CVE-2023-1181 | 1 Easyimages2.0 Project | 1 Easyimages2.0 | 2025-03-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyimages2.0 prior to 2.6.7. | ||||
| CVE-2023-22838 | 1 Ec-cube | 1 Ec-cube | 2025-03-06 | 5.4 Medium |
| Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script. | ||||
| CVE-2023-25077 | 1 Ec-cube | 1 Ec-cube | 2025-03-06 | 5.4 Medium |
| Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script. | ||||
| CVE-2023-27641 | 1 Lsoft | 1 Listserv | 2025-03-06 | 6.1 Medium |
| The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL. | ||||
| CVE-2021-35377 | 1 Vicidial | 1 Vicidial | 2025-03-06 | 6.1 Medium |
| Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters. | ||||
| CVE-2023-0212 | 1 Advanced Recent Posts Project | 1 Advanced Recent Posts | 2025-03-06 | 5.4 Medium |
| The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0165 | 1 Nicdark | 1 Cost Calculator | 2025-03-06 | 5.4 Medium |
| The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0068 | 1 Product Gtin \(ean\, Upc\, Isbn\) For Woocommerce Project | 1 Product Gtin \(ean\, Upc\, Isbn\) For Woocommerce | 2025-03-06 | 5.4 Medium |
| The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0064 | 1 Eaglevisionit | 1 Evision Responsive Column Layout Shortcodes | 2025-03-06 | 5.4 Medium |
| The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0063 | 1 Synved | 1 Wordpress Shortcodes | 2025-03-06 | 5.4 Medium |
| The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0377 | 1 Robincornett | 1 Scriptless Social Sharing | 2025-03-06 | 5.4 Medium |
| The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0065 | 1 I2 Pros \& Cons Project | 1 I2 Pros \& Cons | 2025-03-06 | 5.4 Medium |
| The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-1237 | 1 Answer | 1 Answer | 2025-03-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-1238 | 1 Answer | 1 Answer | 2025-03-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-1239 | 1 Answer | 1 Answer | 2025-03-06 | 4.8 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-1243 | 1 Answer | 1 Answer | 2025-03-06 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-1244 | 1 Answer | 1 Answer | 2025-03-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-1245 | 1 Answer | 1 Answer | 2025-03-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | ||||