CWE-CWE-79 CVE - Yack CVE

Filtered by CWE-79

Total 42233 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-47829	1 Codez	1 Quick Call Button	2024-11-21	N/A	5.9 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codez Quick Call Button plugin <= 1.2.9 versions.
CVE-2023-47821	1 Jannisthuemmig	1 Email Encoder	2024-11-21	N/A	6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jannis Thuemmig Email Encoder plugin <= 2.1.8 versions.
CVE-2023-47817	1 Mmrs151	1 Daily Prayer Time	2024-11-21	N/A	6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.10.13 versions.
CVE-2023-47816	1 Wpcharitable	1 Charitable	2024-11-21	N/A	6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.13 versions.
CVE-2023-47815	1 Venutius	1 Bp Profile Shortcodes Extra	2024-11-21	N/A	6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Venutius BP Profile Shortcodes Extra plugin <= 2.5.2 versions.
CVE-2023-47814	1 Bmicalculator	1 Bmi Calculator	2024-11-21	N/A	6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Waterloo Plugins BMI Calculator Plugin plugin <= 1.0.3 versions.
CVE-2023-47813	1 Grandslambert	1 Better Rss Widget	2024-11-21	N/A	6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grandslambert Better RSS Widget plugin <= 2.8.1 versions.
CVE-2023-47812	1 Bamboo Mcr	1 Bamboo Columns	2024-11-21	N/A	6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bamboo Mcr Bamboo Columns plugin <= 1.6.1 versions.
CVE-2023-47811	1 Sureshkumarmukhiya	1 Anywhere Flash Embed	2024-11-21	N/A	6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Suresh KUMAR Mukhiya Anywhere Flash Embed plugin <= 1.0.5 versions.
CVE-2023-47810	1 Asdqwedev	1 Ajax Domain Checker	2024-11-21	N/A	6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asdqwe Dev Ajax Domain Checker plugin <= 1.3.0 versions.
CVE-2023-47809	1 Themepoints	1 Accordion	2024-11-21	N/A	5.9 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Accordion plugin <= 2.6 versions.
CVE-2023-47808	1 Christinauechi	1 Add Widgets To Page	2024-11-21	N/A	6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christina Uechi Add Widgets to Page plugin <= 1.3.2 versions.
CVE-2023-47797	1 Liferay	1 Liferay Portal	2024-11-21	N/A	9.6 CRITICAL
Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter.
CVE-2023-47790	1 Popozure	1 Pz-linkcard	2024-11-21	N/A	7.1 HIGH
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in Poporon Pz-LinkCard plugin <= 2.4.8 versions.
CVE-2023-47786	1 Layerslider	1 Layerslider	2024-11-21	N/A	6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LayerSlider plugin <= 7.7.9 versions.
CVE-2023-47777	1 Automattic	2 Woocommerce, Woocommerce Blocks	2024-11-21	N/A	6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS.This issue affects WooCommerce: from n/a through 8.1.1; WooCommerce Blocks: from n/a through 11.1.1.
CVE-2023-47773	1 Yasglobal	1 Permalinks Customizer	2024-11-21	N/A	7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions.
CVE-2023-47772	1 Themepunch	1 Slider Revolution	2024-11-21	N/A	6.5 MEDIUM
Contributor+ Stored Cross-Site Scripting (XSS) vulnerability in Slider Revolution <= 6.6.14.
CVE-2023-47768	1 Diywebmastery	1 Footer Putter	2024-11-21	N/A	7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Footer Putter plugin <= 1.17 versions.
CVE-2023-47767	1 Fla-shop	1 Interactive World Map	2024-11-21	N/A	7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions.
CVE-2023-47766	1 Ifeelweb	1 Post Status Notifier Lite	2024-11-21	N/A	7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timo Reith Post Status Notifier Lite plugin <= 1.11.0 versions.
CVE-2023-47759	1 Premio	1 Chaty	2024-11-21	N/A	5.9 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premio Chaty plugin <= 3.1.2 versions.
CVE-2023-47755	1 Aazztech	1 Woocommerce Product Carousel Slider	2024-11-21	N/A	6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AazzTech WooCommerce Product Carousel Slider plugin <= 3.3.5 versions.
CVE-2023-47707	3 Ibm, Linux, Microsoft	4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more	2024-11-21	N/A	5.4 MEDIUM
IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271522.
CVE-2023-47699	1 Ibm	1 Sterling Secure Proxy	2024-11-21	N/A	6.1 MEDIUM
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270974.
CVE-2023-47697	1 Wp-eventmanager	1 Wp Event Manager	2024-11-21	N/A	7.1 HIGH
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin <= 3.1.39 versions.
CVE-2023-47696	1 Gravitymaster	1 Product Enquiry For Woocommerce	2024-11-21	N/A	7.1 HIGH
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Gravity Master Product Enquiry for WooCommerce plugin <= 3.0 versions.
CVE-2023-47695	1 Scribit	1 Shortcodes Finder	2024-11-21	N/A	7.1 HIGH
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit Shortcodes Finder plugin <= 1.5.3 versions.
CVE-2023-47690	1 Antonbond	1 Additional Order Filters For Woocommerce	2024-11-21	N/A	7.1 HIGH
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Anton Bond Additional Order Filters for WooCommerce plugin <= 1.10 versions.
CVE-2023-47684	1 Themepunch	1 Essential Grid	2024-11-21	N/A	7.1 HIGH
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThemePunch OHG Essential Grid plugin <= 3.1.0 versions.
CVE-2023-47680	1 Qodeinteractive	1 Qi Addons For Elementor	2024-11-21	N/A	6.5 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Qode Interactive Qi Addons For Elementor plugin <= 1.6.3 versions.
CVE-2023-47673	1 Thecrowned	1 Post Pay Counter	2024-11-21	N/A	7.1 HIGH
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Stefano Ottolenghi Post Pay Counter plugin <= 2.784 versions.
CVE-2023-47665	1 Plainviewplugins	1 Plainview Protect Passwords	2024-11-21	N/A	7.1 HIGH
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in edward_plainview Plainview Protect Passwords plugin <= 1.4 versions.
CVE-2023-47662	1 Goldbroker	1 Live Gold Price \& Silver Price Charts Widgets	2024-11-21	N/A	5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GoldBroker.Com Live Gold Price & Silver Price Charts Widgets plugin <= 2.4 versions.
CVE-2023-47660	1 Wpwham	1 Product Visibility By Country For Woocommerce	2024-11-21	N/A	5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Wham Product Visibility by Country for WooCommerce plugin <= 1.4.9 versions.
CVE-2023-47659	1 Lava-code	1 Lava Directory Manager	2024-11-21	N/A	6.5 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions.
CVE-2023-47658	1 Actpro	1 Extra Product Options For Woocommerce	2024-11-21	N/A	5.9 MEDIUM
Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability in actpro Extra Product Options for WooCommerce plugin <= 3.0.3 versions.
CVE-2023-47657	1 Grandplugins	1 Woo Quick View And Buy Now	2024-11-21	N/A	5.9 MEDIUM
Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability in GrandPlugins Direct Checkout – Quick View – Buy Now For WooCommerce plugin <= 1.5.8 versions.
CVE-2023-47656	1 Marcomilesi	1 Anac Xml Bandi Di Gara	2024-11-21	N/A	5.9 MEDIUM
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi ANAC XML Bandi di Gara plugin <= 7.5 versions.
CVE-2023-47654	1 Livescore	1 Bzscore	2024-11-21	N/A	6.5 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in livescore.Bz BZScore – Live Score plugin <= 1.03 versions.

Vulnerabilities (CVE)