Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10325 | 1 Brainstormforce | 1 Elementor Header \& Footer Builder | 2024-11-13 | N/A | 5.4 MEDIUM |
|
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
|
|||||
| CVE-2024-9440 | 1 Slimselectjs | 1 Slim Select | 2024-11-13 | N/A | 6.1 MEDIUM |
|
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption(), the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate lists using unsanitized user-provided input may be vulnerable to cross-site scripting, resulting in attacker executed JavaScript. At this time, no patch is available.
|
|||||
| CVE-2024-50461 | 1 Wpdeveloper | 1 Embedpress | 2024-11-13 | N/A | 5.4 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper EmbedPress allows Stored XSS.This issue affects EmbedPress: from n/a through 4.0.14.
|
|||||
| CVE-2024-50460 | 1 Firelightwp | 1 Firelight Lightbox | 2024-11-13 | N/A | 4.8 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FirelightWP Firelight Lightbox allows Stored XSS.This issue affects Firelight Lightbox: from n/a through 2.3.3.
|
|||||
| CVE-2024-50458 | 1 Wpcodeus | 1 Advanced Sermons | 2024-11-13 | N/A | 5.4 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Stored XSS.This issue affects Advanced Sermons: from n/a through 3.4.
|
|||||
| CVE-2024-50451 | 1 Pluginus | 1 Meta Data And Taxonomies Filter | 2024-11-13 | N/A | 5.4 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4.
|
|||||
| CVE-2024-9841 | 1 Microfocus | 2 Arcsight Management Center, Arcsight Platform | 2024-11-13 | N/A | 6.1 MEDIUM |
|
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.
|
|||||
| CVE-2024-8107 | 1 Themepunch | 1 Slider Revolution | 2024-11-13 | N/A | 5.4 MEDIUM |
|
The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. By default, this can only be exploited by administrators, but the ability to use and configure Slide ...
Show More |
|||||
| CVE-2024-10269 | 1 Benjaminzekavica | 1 Easy Svg Support | 2024-11-13 | N/A | 5.4 MEDIUM |
|
The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
|
|||||
| CVE-2024-8874 | 2024-11-13 | N/A | 6.1 MEDIUM | ||
|
The AJAX Login and Registration modal popup + inline form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.24. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
|
|||||
| CVE-2024-8985 | 2024-11-13 | N/A | 6.4 MEDIUM | ||
|
The Social Proof (Testimonial) Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spslider-block shortcode in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-28728 | 2024-11-13 | N/A | 6.6 MEDIUM | ||
|
Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via a crafted payload to the WiFi SSID Name field.
|
|||||
| CVE-2024-9426 | 2024-11-13 | N/A | 6.4 MEDIUM | ||
|
The Aqua SVG Sprite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
|
|||||
| CVE-2024-10882 | 2024-11-13 | N/A | 6.1 MEDIUM | ||
|
The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
|
|||||
| CVE-2024-10887 | 2024-11-13 | N/A | 6.4 MEDIUM | ||
|
The NiceJob plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes (nicejob-lead, nicejob-review, nicejob-engage, nicejob-badge, nicejob-stories) in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user acce ...
Show More |
|||||
| CVE-2024-47765 | 1 Jgniecki | 1 Minecraft Motd Parser | 2024-11-13 | N/A | 6.1 MEDIUM |
|
Minecraft MOTD Parser is a PHP library to parse minecraft server motd. The HtmlGenerator class is subject to potential cross-site scripting (XSS) attack through a parsed malformed Minecraft server MOTD. The HtmlGenerator iterates through objects of MotdItem that are contained in an object of MotdItemCollection to generate a HTML string. An attacker can make malicious inputs to the color and text properties of MotdItem to inject own HTML into a web page during web page generation. For example by ...
Show More |
|||||
| CVE-2024-51213 | 2024-11-12 | N/A | 6.1 MEDIUM | ||
|
Cross Site Scripting vulnerability in Online Shop Store v.1.0 allows a remote attacker to execute arbitrary code via the login.php component.
|
|||||
| CVE-2024-51026 | 2024-11-12 | N/A | 5.4 MEDIUM | ||
|
The NetAdmin IAM system (version 4.0.30319) has a Cross Site Scripting (XSS) vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= field.
|
|||||
| CVE-2024-51135 | 2024-11-12 | N/A | 9.8 CRITICAL | ||
|
An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.
|
|||||
| CVE-2024-50601 | 2024-11-12 | N/A | 6.1 MEDIUM | ||
|
Persistent and reflected XSS vulnerabilities in the themeMode cookie and _h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary Javascript. Exploitation could lead to session hijacking, data leakage, and further exploitation via a multi-stage attack. Fixed in versions 10.3.3.67, 10.4.42, and 10.5.29.
|
|||||
| CVE-2024-51760 | 2024-11-12 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RistrettoApps Dashing Memberships allows Reflected XSS.This issue affects Dashing Memberships: from n/a through 1.1.
|
|||||
| CVE-2024-51708 | 2024-11-12 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Narnoo Wordpress developer Narnoo Commerce Manager allows Reflected XSS.This issue affects Narnoo Commerce Manager: from n/a through 1.6.0.
|
|||||
| CVE-2024-51780 | 2024-11-12 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael DUMONTET eewee admin custom allows Reflected XSS.This issue affects eewee admin custom: from n/a through 1.8.2.4.
|
|||||
| CVE-2024-51693 | 2024-11-12 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in laboratorio d’Avanguardia Search order by product SKU for WooCommerce allows Reflected XSS.This issue affects Search order by product SKU for WooCommerce: from n/a through 0.2.
|
|||||
| CVE-2024-9270 | 2024-11-12 | N/A | 6.4 MEDIUM | ||
|
The Lenxel Core for Lenxel(LNX) LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
|
|||||
| CVE-2024-51782 | 2024-11-12 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sanjaysolutions Loginplus allows Stored XSS.This issue affects Loginplus: from n/a through 1.2.
|
|||||
| CVE-2024-51703 | 2024-11-12 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Genethick WP-Basics allows Reflected XSS.This issue affects WP-Basics: from n/a through 2.0.
|
|||||
| CVE-2024-51717 | 2024-11-12 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Perception System Ajax Content Filter allows Reflected XSS.This issue affects Ajax Content Filter: from n/a through 1.0.
|
|||||
| CVE-2024-51783 | 2024-11-12 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in zaus Forms: 3rd-Party Post Again allows Reflected XSS.This issue affects Forms: 3rd-Party Post Again: from n/a through 0.3.
|
|||||
| CVE-2024-51759 | 2024-11-12 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Detlef Beyer SVT Simple allows Reflected XSS.This issue affects SVT Simple: from n/a through 1.0.1.
|
|||||
| CVE-2024-51612 | 2024-11-12 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ken Charity Reftagger Shortcode allows Stored XSS.This issue affects Reftagger Shortcode: from n/a through 1.1.
|
|||||
| CVE-2024-51697 | 2024-11-12 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Doofinder allows Reflected XSS.This issue affects Doofinder: from n/a through 0.5.4.
|
|||||
| CVE-2024-51786 | 2024-11-12 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BestWebSoft Realty by BestWebSoft allows Stored XSS.This issue affects Realty by BestWebSoft: from n/a through 1.1.5.
|
|||||
| CVE-2024-51762 | 2024-11-12 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nightshift Creative PropertyShift allows Reflected XSS.This issue affects PropertyShift: from n/a through 1.0.0.
|
|||||
| CVE-2024-51611 | 2024-11-12 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Miguel Peixe WP Feature Box allows Stored XSS.This issue affects WP Feature Box: from n/a through 0.1.3.
|
|||||
| CVE-2024-51710 | 2024-11-12 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Minerva Infotech Responsive Data Table allows Reflected XSS.This issue affects Responsive Data Table: from n/a through 1.3.
|
|||||
| CVE-2024-51689 | 2024-11-12 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tobias Conrad CF7 WOW Styler allows Reflected XSS.This issue affects CF7 WOW Styler: from n/a through 1.6.8.
|
|||||
| CVE-2024-51776 | 2024-11-12 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in samhotchkiss Daily Image allows Reflected XSS.This issue affects Daily Image: from n/a through 1.0.
|
|||||
| CVE-2024-51709 | 2024-11-12 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Marian Dietz TeleAdmin allows Reflected XSS.This issue affects TeleAdmin: from n/a through 1.0.0.
|
|||||
| CVE-2024-51712 | 2024-11-12 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Visser Labs Jigoshop – Store Toolkit allows Reflected XSS.This issue affects Jigoshop – Store Toolkit: from n/a through 1.4.0.
|
|||||