Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27925 | 1 Vektor-inc | 1 Vk Blocks | 2025-01-17 | N/A | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. | |||||
| CVE-2023-27926 | 1 Vektor-inc | 1 Vk All In One Expansion Unit | 2025-01-17 | N/A | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. | |||||
| CVE-2023-28367 | 1 Vektor-inc | 1 Vk All In One Expansion Unit | 2025-01-17 | N/A | 5.4 MEDIUM |
| Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. | |||||
| CVE-2023-27923 | 1 Vektor-inc | 1 Vk Blocks | 2025-01-17 | N/A | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. | |||||
| CVE-2024-2091 | 1 Webtechstreet | 1 Elementor Addon Elements | 2025-01-17 | N/A | 4.6 MEDIUM |
| The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.13.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-1239 | 1 Wpmet | 1 Elements Kit Elementor Addons | 2025-01-17 | N/A | 5.4 MEDIUM |
| The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-1458 | 1 Livemeshelementor | 1 Addons For Elementor | 2025-01-17 | N/A | 5.4 MEDIUM |
| The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘text_alignment’ attribute of the Animated Text widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-1461 | 1 Livemeshelementor | 1 Addons For Elementor | 2025-01-17 | N/A | 5.4 MEDIUM |
| The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Team Members widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-1464 | 1 Livemeshelementor | 1 Addons For Elementor | 2025-01-17 | N/A | 5.4 MEDIUM |
| The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Posts Slider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-1465 | 1 Livemeshelementor | 1 Addons For Elementor | 2025-01-17 | N/A | 5.4 MEDIUM |
| The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘carousel_skin’ attribute of the Posts Carousel widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-1466 | 1 Livemeshelementor | 1 Addons For Elementor | 2025-01-17 | N/A | 5.4 MEDIUM |
| The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slider_style’ attribute of the Posts Multislider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-27986 may be a duplicate of this issue. | |||||
| CVE-2023-22300 | 1 Sauter-controls | 2 Ey-as525f001, Ey-as525f001 Firmware | 2025-01-17 | N/A | 6.1 MEDIUM |
| An unauthenticated remote attacker could force all authenticated users, such as administrative users, to perform unauthorized actions by viewing the logs. This action would also grant the attacker privilege escalation. | |||||
| CVE-2023-28650 | 1 Sauter-controls | 2 Ey-as525f001, Ey-as525f001 Firmware | 2025-01-17 | N/A | 6.1 MEDIUM |
| An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. If clicked, the attacker could execute the malicious JavaScript (JS) payload in the target’s security context. | |||||
| CVE-2023-28655 | 1 Sauter-controls | 2 Ey-as525f001, Ey-as525f001 Firmware | 2025-01-17 | N/A | 5.4 MEDIUM |
| A malicious user could leverage this vulnerability to escalate privileges or perform unauthorized actions in the context of the targeted privileged users. | |||||
| CVE-2023-0432 | 1 Deltaww | 2 Dx-2100l1-cn, Dx-2100l1-cn Firmware | 2025-01-17 | N/A | 9.0 CRITICAL |
| The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system (OS) from the device in the context of the user "root." If the attacker has credentials for the web service, then the device could be fully compromised. | |||||
| CVE-2024-1428 | 1 Bdthemes | 1 Element Pack | 2025-01-17 | N/A | 5.4 MEDIUM |
| The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘element_pack_wrapper_link’ attribute of the Trailer Box widget in all versions up to, and including, 5.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-0837 | 1 Bdthemes | 1 Element Pack | 2025-01-17 | N/A | 5.4 MEDIUM |
| The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-31995 | 1 Hanwhavision | 236 Ane-l6012r, Ane-l6012r Firmware, Ane-l7012r and 233 more | 2025-01-17 | N/A | 5.4 MEDIUM |
| Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2022-42225 | 1 Fit2cloud | 1 Lina | 2025-01-17 | N/A | 5.4 MEDIUM |
| Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin's permission. | |||||
| CVE-2023-25598 | 1 Mitel | 1 Mivoice Connect | 2025-01-17 | N/A | 6.1 MEDIUM |
| A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the home.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||