Export limit exceeded: 362507 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47035 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-1181 1 Easyimages2.0 Project 1 Easyimages2.0 2025-03-06 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyimages2.0 prior to 2.6.7.
CVE-2023-22344 1 Dos-osaka 2 Rakuraku Pc Cloud Agent, Ss1 2025-03-06 9.8 Critical
Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22336 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.
CVE-2023-22838 1 Ec-cube 1 Ec-cube 2025-03-06 5.4 Medium
Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.
CVE-2023-25077 1 Ec-cube 1 Ec-cube 2025-03-06 5.4 Medium
Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.
CVE-2023-27641 1 Lsoft 1 Listserv 2025-03-06 6.1 Medium
The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL.
CVE-2021-35377 1 Vicidial 1 Vicidial 2025-03-06 6.1 Medium
Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters.
CVE-2023-0212 1 Advanced Recent Posts Project 1 Advanced Recent Posts 2025-03-06 5.4 Medium
The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0165 1 Nicdark 1 Cost Calculator 2025-03-06 5.4 Medium
The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0068 1 Product Gtin \(ean\, Upc\, Isbn\) For Woocommerce Project 1 Product Gtin \(ean\, Upc\, Isbn\) For Woocommerce 2025-03-06 5.4 Medium
The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0064 1 Eaglevisionit 1 Evision Responsive Column Layout Shortcodes 2025-03-06 5.4 Medium
The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0063 1 Synved 1 Wordpress Shortcodes 2025-03-06 5.4 Medium
The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0377 1 Robincornett 1 Scriptless Social Sharing 2025-03-06 5.4 Medium
The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0065 1 I2 Pros \& Cons Project 1 I2 Pros \& Cons 2025-03-06 5.4 Medium
The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-1237 1 Answer 1 Answer 2025-03-06 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-1238 1 Answer 1 Answer 2025-03-06 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-1239 1 Answer 1 Answer 2025-03-06 4.8 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-1243 1 Answer 1 Answer 2025-03-06 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-1244 1 Answer 1 Answer 2025-03-06 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-1245 1 Answer 1 Answer 2025-03-06 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2024-38674 1 Sktthemes 1 Skt Addons For Elementor 2025-03-06 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor: from n/a through 3.0.