Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-48893 | 1 Fortinet | 1 Fortisoar | 2025-02-03 | N/A | 5.4 MEDIUM |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via the creation of malicious playbook. | |||||
| CVE-2024-52967 | 1 Fortinet | 1 Fortiportal | 2025-02-03 | N/A | 4.8 MEDIUM |
| An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via html injection. | |||||
| CVE-2024-2867 | 1 Properfraction | 1 Profilepress | 2025-02-03 | N/A | 5.4 MEDIUM |
| The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 4.15.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2012-5873 | 1 Arc2 Project | 1 Arc2 | 2025-02-03 | N/A | 6.1 MEDIUM |
| ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an output=htmltab action. | |||||
| CVE-2024-35280 | 1 Fortinet | 1 Fortideceptor | 2025-02-03 | N/A | 6.1 MEDIUM |
| A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version 5.3.0 may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints | |||||
| CVE-2024-3883 | 1 3dflipbook | 1 3d Flipbook | 2025-02-03 | N/A | 5.4 MEDIUM |
| The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Bookmark URL field in all versions up to, and including, 1.15.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-30789 | 1 Monicahq | 1 Monica | 2025-02-03 | N/A | 5.4 MEDIUM |
| MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and job and company parameter. | |||||
| CVE-2023-30790 | 1 Monicahq | 1 Monica | 2025-02-03 | N/A | 5.4 MEDIUM |
| MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and first_name and last_name parameter. | |||||
| CVE-2024-4092 | 1 Themepunch | 1 Slider Revolution | 2025-02-03 | N/A | 5.4 MEDIUM |
| The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmltag’ parameter in all versions up to, and including, 6.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure Slider Revolution can be extended to authors. | |||||
| CVE-2024-4265 | 1 Master-addons | 1 Master Addons | 2025-02-03 | N/A | 5.4 MEDIUM |
| The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 2.0.5.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-30787 | 1 Monicahq | 1 Monica | 2025-02-03 | N/A | 5.4 MEDIUM |
| MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter. | |||||
| CVE-2023-30210 | 1 Ourphp | 1 Ourphp | 2025-02-03 | N/A | 6.1 MEDIUM |
| OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp_tz.php. | |||||
| CVE-2023-25346 | 1 Churchcrm | 1 Churchcrm | 2025-02-03 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found. | |||||
| CVE-2022-25276 | 1 Drupal | 1 Drupal | 2025-02-03 | N/A | 6.1 MEDIUM |
| The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities. | |||||
| CVE-2023-30212 | 1 Ourphp | 1 Ourphp | 2025-02-03 | N/A | 6.1 MEDIUM |
| OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php. | |||||
| CVE-2024-4281 | 1 Ylefebvre | 1 Link Library | 2025-02-03 | N/A | 5.4 MEDIUM |
| The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'link-library' shortcode in all versions up to, and including, 7.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-3068 | 1 Custom Field Suite Project | 1 Custom Field Suite | 2025-02-03 | N/A | 4.8 MEDIUM |
| The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[fields][*][name]' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
| CVE-2024-4339 | 1 Bdthemes | 1 Prime Slider | 2025-02-03 | N/A | 5.4 MEDIUM |
| The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-4943 | 1 Creativethemes | 1 Blocksy | 2025-02-03 | N/A | 5.4 MEDIUM |
| The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘has_field_link_rel’ parameter in all versions up to, and including, 2.0.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-30417 | 1 Pearadmin | 1 Pear Admin Boot | 2025-02-03 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message. | |||||