Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24278 | 1 Squidex.io | 1 Squidex | 2025-02-26 | N/A | 6.1 MEDIUM |
| Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability. | |||||
| CVE-2024-0083 | 2025-02-26 | N/A | N/A | ||
| NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users' browsers. A successful exploit of this vulnerability might lead to code execution, denial of service, and information disclosure. | |||||
| CVE-2025-0301 | 1 Fabianros | 1 Online Book Shop | 2025-02-26 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in code-projects Online Book Shop 1.0. Affected by this issue is some unknown functionality of the file /subcat.php. The manipulation of the argument catnm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-45004 | 1 Getgophish | 1 Gophish | 2025-02-26 | N/A | 6.1 MEDIUM |
| Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing page. | |||||
| CVE-2020-19947 | 1 Markdown Edit Project | 1 Markdown Edit | 2025-02-26 | N/A | 9.6 CRITICAL |
| Cross Site Scripting vulnerability found in Markdown Edit allows a remote attacker to execute arbitrary code via the edit parameter of the webpage. | |||||
| CVE-2023-27054 | 1 Mirotalk | 1 Mirotalk P2p | 2025-02-26 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module. | |||||
| CVE-2023-27131 | 1 Typecho | 1 Typecho | 2025-02-26 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code viathe Post Editorparameter. | |||||
| CVE-2020-24857 | 1 Inex | 1 Ixp Manager | 2025-02-26 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerabilty found in IXPManager v.5.6.0 allows attackers to excute arbitrary code via the looking glass component. | |||||
| CVE-2024-1341 | 1 Tinywebgallery | 1 Advanced Iframe | 2025-02-26 | N/A | 5.4 MEDIUM |
| The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advanced_iframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additional_js attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-6806 | 1 Squirrly | 1 Starbox | 2025-02-26 | N/A | 5.4 MEDIUM |
| The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-0602 | 1 Yarpp | 1 Yet Another Related Posts Plugin | 2025-02-26 | N/A | 4.0 MEDIUM |
| The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
| CVE-2024-13363 | 1 Raptive | 1 Raptive Ads | 2025-02-26 | N/A | 6.1 MEDIUM |
| The Raptive Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'poc' parameter in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-6810 | 2025-02-26 | N/A | 4.4 MEDIUM | ||
| The Quiz Organizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
| CVE-2024-13135 | 1 Emlog | 1 Emlog | 2025-02-25 | N/A | 5.4 MEDIUM |
| A vulnerability has been found in Emlog Pro 2.4.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/twitter.php of the component Subpage Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9702 | 1 Wpsocialrocket | 1 Social Rocket | 2025-02-25 | N/A | 5.4 MEDIUM |
| The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialrocket-floating' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-49633 | 1 Designinvento | 1 Directorypress | 2025-02-25 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.19. | |||||
| CVE-2024-56288 | 1 Androidbubble | 1 Wp Docs | 2025-02-25 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Stored XSS.This issue affects WP Docs: from n/a through 2.2.1. | |||||
| CVE-2024-13132 | 1 Emlog | 1 Emlog | 2025-02-25 | N/A | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in Emlog Pro up to 2.4.3. This vulnerability affects unknown code of the file /admin/article.php of the component Subpage Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-12475 | 1 Wpexperts | 1 Wp Multi Store Locator | 2025-02-25 | N/A | 5.4 MEDIUM |
| The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-11930 | 1 Taskbuilder | 1 Taskbuilder | 2025-02-25 | N/A | 5.4 MEDIUM |
| The Taskbuilder – WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||