Export limit exceeded: 47033 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 47033 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47033 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-22838 1 Ec-cube 1 Ec-cube 2025-03-06 5.4 Medium
Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.
CVE-2023-25077 1 Ec-cube 1 Ec-cube 2025-03-06 5.4 Medium
Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.
CVE-2023-27641 1 Lsoft 1 Listserv 2025-03-06 6.1 Medium
The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL.
CVE-2021-35377 1 Vicidial 1 Vicidial 2025-03-06 6.1 Medium
Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters.
CVE-2023-0212 1 Advanced Recent Posts Project 1 Advanced Recent Posts 2025-03-06 5.4 Medium
The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0165 1 Nicdark 1 Cost Calculator 2025-03-06 5.4 Medium
The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0068 1 Product Gtin \(ean\, Upc\, Isbn\) For Woocommerce Project 1 Product Gtin \(ean\, Upc\, Isbn\) For Woocommerce 2025-03-06 5.4 Medium
The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0064 1 Eaglevisionit 1 Evision Responsive Column Layout Shortcodes 2025-03-06 5.4 Medium
The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0063 1 Synved 1 Wordpress Shortcodes 2025-03-06 5.4 Medium
The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0377 1 Robincornett 1 Scriptless Social Sharing 2025-03-06 5.4 Medium
The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0065 1 I2 Pros \& Cons Project 1 I2 Pros \& Cons 2025-03-06 5.4 Medium
The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-1237 1 Answer 1 Answer 2025-03-06 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-1238 1 Answer 1 Answer 2025-03-06 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-1239 1 Answer 1 Answer 2025-03-06 4.8 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-1243 1 Answer 1 Answer 2025-03-06 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-1244 1 Answer 1 Answer 2025-03-06 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-1245 1 Answer 1 Answer 2025-03-06 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2024-38674 1 Sktthemes 1 Skt Addons For Elementor 2025-03-06 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor: from n/a through 3.0.
CVE-2024-56412 1 Phpoffice 1 Phpspreadsheet 2025-03-06 5.4 Medium
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to bypass of the cross-site scripting sanitizer using the javascript protocol and special characters. An attacker can use special characters, so that the library processes the javascript protocol with special characters and generates an HTML link. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue.
CVE-2024-49807 1 Ibm 1 Sterling B2b Integrator 2025-03-06 6.4 Medium
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.