Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Angry Yack Logo
Total 42233 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-45062 1 Virtuellwerk 1 Canvasio3d Light 2024-11-21 N/A 7.1 HIGH
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Thomas Scholl canvasio3D Light plugin <= 2.4.6 versions.
CVE-2023-45059 1 Gumroad 1 Gumroad 2024-11-21 N/A 6.5 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gumroad plugin <= 3.1.0 versions.
CVE-2023-45057 1 Hitsteps 1 Web Analytics 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hitsteps Web Analytics plugin <= 5.86 versions.
CVE-2023-45056 1 100plugins 1 Open User Map 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 100plugins Open User Map plugin <= 1.3.26 versions.
CVE-2023-45054 1 Awesometogi 1 Product-category-tree 2024-11-21 N/A 7.1 HIGH
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions.
CVE-2023-45051 1 Gopiplus 1 Image Vertical Reel Scroll Slideshow 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Image vertical reel scroll slideshow plugin <= 9.0 versions.
CVE-2023-45050 1 Automattic 1 Jetpack 2024-11-21 N/A 6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.
CVE-2023-45049 1 Getbutterfly 1 Youtube Playlist Player 2024-11-21 N/A 6.5 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <= 4.6.7 versions.
CVE-2023-45010 1 Alexmacarthur 1 Complete Open Graph 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex MacArthur Complete Open Graph plugin <= 3.4.5 versions.
CVE-2023-45008 1 Wpjohnny 1 Comment Reply Email 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPJohnny Comment Reply Email plugin <= 1.0.3 versions.
CVE-2023-45007 1 Fotomoto 1 Fotomoto 2024-11-21 N/A 7.1 HIGH
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fotomoto plugin <= 1.2.8 versions.
CVE-2023-45006 1 Byconsole 1 Wooodt Lite 2024-11-21 N/A 7.1 HIGH
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ByConsole WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location plugin <= 2.4.6 versions.
CVE-2023-45005 1 Castos 1 Seriously Simple Stats 2024-11-21 N/A 7.1 HIGH
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Castos Seriously Simple Stats plugin <= 1.5.1 versions.
CVE-2023-45004 1 Wp3sixty 1 Woo Custom Emails 2024-11-21 N/A 7.1 HIGH
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wp3sixty Woo Custom Emails plugin <= 2.2 versions.
CVE-2023-45003 1 Arrowplugins 1 Social Feed 2024-11-21 N/A 7.1 HIGH
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins Social Feed | Custom Feed for Social Media Networks plugin <= 2.2.0 versions.
CVE-2023-44990 1 Pluginus 1 Wolf - Wordpress Posts Bulk Editor And Products Manager Professional 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions.
CVE-2023-44987 1 Gettimely 1 Timely Booking Button 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <= 2.0.2 versions.
CVE-2023-44986 1 Tychesoftwares 1 Abandoned Cart Lite For Woocommerce 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Abandoned Cart Lite for WooCommerce plugin <= 5.15.2 versions.
CVE-2023-44985 1 Cytechmobile 1 Buddymeet 2024-11-21 N/A 6.5 MEDIUM
Auth. (contributo+) Stored Cross-Site Scripting (XSS) vulnerability in Cytech BuddyMeet plugin <= 2.2.0 versions.
CVE-2023-44984 1 Rewweb 1 Bbp Style Pack 2024-11-21 N/A 6.5 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin <= 5.6.7 versions.
CVE-2023-44954 1 Bigtreecms 1 Bigtree Cms 2024-11-21 N/A 5.4 MEDIUM
Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions.
CVE-2023-44826 1 Easycorp 1 Zentao 2024-11-21 N/A 5.4 MEDIUM
Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script.
CVE-2023-44813 1 Moosocial 1 Moosocial 2024-11-21 N/A 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function.
CVE-2023-44812 1 Moosocial 1 Moosocial 2024-11-21 N/A 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function.
CVE-2023-44796 1 Limesurvey 1 Limesurvey 2024-11-21 N/A 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component.
CVE-2023-44771 1 Tribalsystems 1 Zenario 2024-11-21 N/A 5.4 MEDIUM
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout.
CVE-2023-44770 1 Tribalsystems 1 Zenario 2024-11-21 N/A 5.4 MEDIUM
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias.
CVE-2023-44769 1 Tribalsystems 1 Zenario 2024-11-21 N/A 5.4 MEDIUM
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias.
CVE-2023-44767 1 Ritecms 1 Ritecms 2024-11-21 N/A 4.8 MEDIUM
A File upload vulnerability in RiteCMS 3.0 allows a local attacker to upload a SVG file with XSS content.
CVE-2023-44766 1 Concretecms 1 Concrete Cms 2024-11-21 N/A 4.8 MEDIUM
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature.
CVE-2023-44765 1 Concretecms 1 Concrete Cms 2024-11-21 N/A 5.4 MEDIUM
A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings.
CVE-2023-44764 1 Concretecms 1 Concrete Cms 2024-11-21 N/A 5.4 MEDIUM
A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings).
CVE-2023-44762 1 Concretecms 1 Concrete Cms 2024-11-21 N/A 5.4 MEDIUM
A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags.
CVE-2023-44761 1 Concretecms 1 Concrete Cms 2024-11-21 N/A 5.4 MEDIUM
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects.
CVE-2023-44760 1 Concretecms 1 Concrete Cms 2024-11-21 N/A 4.8 MEDIUM
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature. Also, the exploitation method claimed by "sromanhu" does not provide any access to a Concrete CMS session, b ...

Show More
CVE-2023-44758 1 Gdidees 1 Gdidees Cms 2024-11-21 N/A 5.4 MEDIUM
GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title.
CVE-2023-44484 1 Projectworlds 1 Online Blood Donation Management System 2024-11-21 N/A 6.1 MEDIUM
Online Blood Donation Management System v1.0 is vulnerable to a Stored Cross-Site Scripting vulnerability. The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.
CVE-2023-44479 1 Krillwebdesign 1 Wp-jump-menu 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jim Krill WP Jump Menu plugin <= 3.6.4 versions.
CVE-2023-44477 1 Boxystudio 1 Cooked 2024-11-21 N/A 6.5 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Boxy Studio Cooked plugin <= 1.7.13 versions.
CVE-2023-44474 1 Md Jakir Hosen 1 Tiger Forms - Drag And Drop Form Builder 2024-11-21 N/A 7.1 HIGH
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MD Jakir Hosen Tiger Forms – Drag and Drop Form Builder plugin <= 2.0.0 versions.