Total: 34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-2455 | 1 Bdthemes | 1 Element Pack | 2025-02-06 | N/A | 5.4 MEDIUM |
| The Element Pack - Addon for Elementor Page Builder WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget wrapper link URL in all versions up to, and including, 7.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-7100 | 1 Bold-themes | 1 Bold Page Builder | 2025-02-06 | N/A | 5.4 MEDIUM |
| The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_button shortcode in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-6627 | 1 Leevio | 1 Happy Addons For Elementor | 2025-02-06 | N/A | 5.4 MEDIUM |
| The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's PDF View widget in all versions up to, and including, 3.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2018-17883 | 1 Otrs | 1 Otrs | 2025-02-06 | N/A | 6.1 MEDIUM |
| An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS. | |||||
| CVE-2022-44726 | 1 Timesheets-for-jira | 1 Timesheet Tracking | 2025-02-06 | N/A | 5.4 MEDIUM |
| The TouchDown Timesheet tracking component 4.1.4 for Jira allows XSS in the calendar view. | |||||
| CVE-2018-17537 | 1 Gitlab | 1 Gitlab | 2025-02-06 | N/A | 5.4 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. | |||||
| CVE-2024-45717 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-06 | N/A | 4.8 MEDIUM |
| The SolarWinds Platform was susceptible to an XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction. | |||||
| CVE-2022-48177 | 1 X2crm | 1 X2crm | 2025-02-06 | N/A | 5.4 MEDIUM |
| X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the adin/importModels Import Records Model field (model parameter). This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user's browser. | |||||
| CVE-2023-29774 | 1 Iteachyou | 1 Dreamer Cms | 2025-02-06 | N/A | 5.4 MEDIUM |
| Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS). | |||||
| CVE-2022-43696 | 1 Open-xchange | 1 Ox App Suite | 2025-02-06 | N/A | 6.1 MEDIUM |
| OX App Suite before 7.10.6-rev20 allows XSS via upsell ads. | |||||
| CVE-2023-2102 | 1 Easyappointments | 1 Easyappointments | 2025-02-06 | N/A | 4.8 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | |||||
| CVE-2022-48178 | 1 X2crm | 1 X2crm | 2025-02-06 | N/A | 5.4 MEDIUM |
| X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Create Action function, aka an index.php/actions/update URI. | |||||
| CVE-2023-27092 | 1 Jbootfly Project | 1 Jbootfly | 2025-02-06 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability found in Jbootfly allows attackers to obtain sensitive information via the username parameter. | |||||
| CVE-2023-2103 | 1 Easyappointments | 1 Easyappointments | 2025-02-06 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | |||||
| CVE-2023-47869 | 1 Gvectors | 1 Wpforo Forum | 2025-02-06 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Code Injection. This issue affects wpForo Forum: from n/a through 2.2.5. | |||||
| CVE-2024-12581 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2025-02-06 | N/A | 4.8 MEDIUM |
| The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.53 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
| CVE-2025-1076 | | | 2025-02-06 | N/A | N/A |
| A Stored Cross-Site Scripting (Stored XSS) vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality. | |||||
| CVE-2024-10646 | 1 Fluentforms | 1 Contact Form | 2025-02-06 | N/A | 6.1 MEDIUM |
| The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-46153 | 1 Monsterinsights | 1 Userfeedback | 2025-02-06 | N/A | 6.1 MEDIUM |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.9 versions. | |||||
| CVE-2024-1559 | 1 Ylefebvre | 1 Link Library | 2025-02-05 | N/A | 6.1 MEDIUM |
| The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
