Total: 45239 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28347 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-13 | 9.6 Critical |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a proof-of-concept script that functions similarly to a Student Console, providing unauthenticated attackers with the ability to exploit XSS vulnerabilities within the Teacher Console application and achieve remote code execution as NT AUTHORITY/SYSTEM on all connected Student Consoles and the Teacher Console in a Zero Click manner. | ||||
| CVE-2023-28350 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-13 | 6.1 Medium |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. Attacker-supplied input is not validated/sanitized before being rendered in both the Teacher and Student Console applications, enabling an attacker to execute JavaScript in these applications. Due to the rich and highly privileged functionality offered by the Teacher Console, the ability to silently exploit Cross Site Scripting (XSS) on the Teacher Machine enables remote code execution on any connected student machine (and the teacher's machine). | ||||
| CVE-2022-36244 | 1 Shopbeat | 1 Shop Beat Media Player | 2025-01-13 | 5.4 Medium |
| Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 suffers from Multiple Stored Cross-Site Scripting (XSS) vulnerabilities via Shop Beat Control Panel found at www.shopbeat.co.za controlpanel.shopbeat.co.za. | ||||
| CVE-2023-2954 | 1 Djangoblog Project | 1 Djangoblog | 2025-01-13 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository liangliangyy/djangoblog prior to master. | ||||
| CVE-2023-32072 | 1 Enalean | 1 Tuleap | 2025-01-13 | 4.8 Medium |
| Tuleap is an open source tool for end to end traceability of application and system developments. In Tuleap Community Edition prior to version 14.8.99.60 and Tuleap Enterprise Edition prior to 14.8-3 and 14.7-7, the logs of the triggered Jenkins job URLs are not properly escaped. A malicious Git administrator can set up a malicious Jenkins hook to make a victim, also a Git administrator, execute uncontrolled code. Tuleap Community Edition 14.8.99.60, Tuleap Enterprise Edition 14.8-3, and Tuleap Enterprise Edition 14.7-7 contain a patch for this issue. | ||||
| CVE-2023-29101 | 1 Muffingroup | 1 Betheme | 2025-01-13 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Muffingroup Betheme theme <= 26.7.5 versions. | ||||
| CVE-2022-40697 | 1 3commarketing | 1 3com-asesor-de-cookies | 2025-01-13 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 3com – Asesor de Cookies para normativa española plugin <= 3.4.3 versions. | ||||
| CVE-2023-22721 | 1 Oi Yandex.maps Project | 1 Oi Yandex.maps | 2025-01-13 | 6.5 Medium |
| Auth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for WordPress <= 3.2.7 versions. | ||||
| CVE-2023-23687 | 1 Youtube Shortcode Project | 1 Youtube Shortcode | 2025-01-13 | 6.5 Medium |
| Auth. Stored Cross-Site Scripting (XSS) vulnerability in Youtube shortcode <= 1.8.5 versions. | ||||
| CVE-2022-29416 | 1 Afterpay | 1 Afterpay Gateway For Woocommerce | 2025-01-13 | 4.7 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Afterpay Gateway for WooCommerce <= 3.5.0 versions. | ||||
| CVE-2022-37402 | 1 Afsanalytics | 1 Afs Analytics | 2025-01-13 | 4.8 Medium |
| Stored Cross-site Scripting (XSS) vulnerability in AFS Analytics plugin <= 4.18 versions. | ||||
| CVE-2022-38971 | 1 Themekraft | 1 Post Form Registration Form Profile Form For User Profiles And Content Forms | 2025-01-13 | 4.7 Medium |
| Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions. | ||||
| CVE-2022-40699 | 1 Yasr - Yet Another Stars Rating Project | 1 Yasr - Yet Another Stars Rating | 2025-01-13 | 5.4 Medium |
| Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr – Yet Another Stars Rating plugin <= 3.1.2 versions. | ||||
| CVE-2022-41554 | 1 Slideshow Se Project | 1 Slideshow Se | 2025-01-13 | 4.8 Medium |
| Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow SE plugin <= 2.5.5 versions. | ||||
| CVE-2022-43461 | 1 Slideshow Se Project | 1 Slideshow Se | 2025-01-13 | 4.8 Medium |
| Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow SE plugin <= 2.5.5 versions. | ||||
| CVE-2022-45817 | 1 Gc Testimonials Project | 1 Gc Testimonials | 2025-01-13 | 5.4 Medium |
| Cross-Site Scripting (XSS) vulnerability in Erin Garscadden GC Testimonials plugin <= 1.3.2 versions. | ||||
| CVE-2023-25795 | 1 Wp-master | 1 Feed Changer & Remover | 2025-01-13 | 5.9 Medium |
| Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-master.Ir Feed Changer & Remover plugin <= 0.2 versions. | ||||
| CVE-2023-25794 | 1 Nooz Project | 1 Nooz | 2025-01-13 | 5.9 Medium |
| Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mighty Digital Nooz plugin <= 1.6.0 versions. | ||||
| CVE-2024-13141 | 1 Osuuu | 1 Lightpicture | 2025-01-10 | 3.5 Low |
| A vulnerability classified as problematic was found in osuuu LightPicture up to 1.2.2. This vulnerability affects unknown code of the file /api/upload of the component SVG File Upload Handler. The manipulation of the argument file leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-12846 | 1 Emlog | 1 Emlog | 2025-01-10 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in Emlog Pro up to 2.4.1. Affected by this issue is some unknown functionality of the file /admin/link.php. The manipulation of the argument siteurl/icon leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||