Export limit exceeded: 362507 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47035 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1181 | 1 Easyimages2.0 Project | 1 Easyimages2.0 | 2025-03-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyimages2.0 prior to 2.6.7. | ||||
| CVE-2023-22344 | 1 Dos-osaka | 2 Rakuraku Pc Cloud Agent, Ss1 | 2025-03-06 | 9.8 Critical |
| Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22336 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. | ||||
| CVE-2023-22838 | 1 Ec-cube | 1 Ec-cube | 2025-03-06 | 5.4 Medium |
| Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script. | ||||
| CVE-2023-25077 | 1 Ec-cube | 1 Ec-cube | 2025-03-06 | 5.4 Medium |
| Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script. | ||||
| CVE-2023-27641 | 1 Lsoft | 1 Listserv | 2025-03-06 | 6.1 Medium |
| The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL. | ||||
| CVE-2021-35377 | 1 Vicidial | 1 Vicidial | 2025-03-06 | 6.1 Medium |
| Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters. | ||||
| CVE-2023-0212 | 1 Advanced Recent Posts Project | 1 Advanced Recent Posts | 2025-03-06 | 5.4 Medium |
| The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0165 | 1 Nicdark | 1 Cost Calculator | 2025-03-06 | 5.4 Medium |
| The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0068 | 1 Product Gtin \(ean\, Upc\, Isbn\) For Woocommerce Project | 1 Product Gtin \(ean\, Upc\, Isbn\) For Woocommerce | 2025-03-06 | 5.4 Medium |
| The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0064 | 1 Eaglevisionit | 1 Evision Responsive Column Layout Shortcodes | 2025-03-06 | 5.4 Medium |
| The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0063 | 1 Synved | 1 Wordpress Shortcodes | 2025-03-06 | 5.4 Medium |
| The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0377 | 1 Robincornett | 1 Scriptless Social Sharing | 2025-03-06 | 5.4 Medium |
| The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0065 | 1 I2 Pros \& Cons Project | 1 I2 Pros \& Cons | 2025-03-06 | 5.4 Medium |
| The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-1237 | 1 Answer | 1 Answer | 2025-03-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-1238 | 1 Answer | 1 Answer | 2025-03-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-1239 | 1 Answer | 1 Answer | 2025-03-06 | 4.8 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-1243 | 1 Answer | 1 Answer | 2025-03-06 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-1244 | 1 Answer | 1 Answer | 2025-03-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-1245 | 1 Answer | 1 Answer | 2025-03-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2024-38674 | 1 Sktthemes | 1 Skt Addons For Elementor | 2025-03-06 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor: from n/a through 3.0. | ||||