Total: 45254 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0232 | 1 Metagauss | 1 Leadmagic | 2025-01-31 | 4.8 Medium |
| The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loader_text parameter found in the ~/includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.2.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | ||||
| CVE-2022-25306 | 1 Veronalabs | 1 Wp Statistics | 2025-01-31 | 7.2 High |
| The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics, in versions up to and including 13.1.5. | ||||
| CVE-2022-1628 | 1 Coleds | 1 Simple Seo | 2025-01-31 | 6.4 Medium |
| The Simple SEO plugin for WordPress is vulnerable to attribute-based stored Cross-Site Scripting in versions up to, and including, 1.7.91, due to insufficient sanitization or escaping on the SEO social and standard title parameters. This can be exploited by authenticated users with Contributor and above permissions to inject arbitrary web scripts into posts/pages that execute whenever an administrator accesses the page. | ||||
| CVE-2023-2328 | 1 Pimcore | 1 Pimcore | 2025-01-31 | 5.4 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2022-2430 | 1 Visualcomposer | 1 Visual Composer Website Builder | 2025-01-31 | 6.4 Medium |
| The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Block' feature in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2022-2937 | 1 Oxilab | 1 Image Hover Effects Ultimate | 2025-01-31 | 6.4 Medium |
| The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users. | ||||
| CVE-2023-2322 | 1 Pimcore | 1 Pimcore | 2025-01-31 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2023-2323 | 1 Pimcore | 1 Pimcore | 2025-01-31 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2023-2327 | 1 Pimcore | 1 Pimcore | 2025-01-31 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2023-2340 | 1 Pimcore | 1 Pimcore | 2025-01-31 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2023-2341 | 1 Pimcore | 1 Pimcore | 2025-01-31 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2023-2342 | 1 Pimcore | 1 Pimcore | 2025-01-31 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2023-33751 | 1 Mipjz Project | 1 Mipjz | 2025-01-31 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php. | ||||
| CVE-2023-33750 | 1 Mipjz Project | 1 Mipjz | 2025-01-31 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd. | ||||
| CVE-2023-33599 | 1 Easyimages2.0 Project | 1 Easyimages2.0 | 2025-01-31 | 6.1 Medium |
| EasyImages2.0 ≤ 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php. | ||||
| CVE-2023-32766 | 1 Gitpod | 1 Gitpod | 2025-01-31 | 6.1 Medium |
| Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:). | ||||
| CVE-2020-23647 | 1 Boxbilling | 1 Boxbilling | 2025-01-31 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form. | ||||
| CVE-2020-21643 | 1 Hongcms Project | 1 Hongcms | 2025-01-31 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop. | ||||
| CVE-2023-28820 | 1 Concretecms | 1 Concrete Cms | 2025-01-31 | 2 Low |
| Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized. | ||||
| CVE-2023-28471 | 1 Concretecms | 1 Concrete Cms | 2025-01-31 | 5.4 Medium |
| Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name. | ||||