Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Angry Yack Logo
Total 42233 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-40876 1 Dedecms 1 Dedecms 2024-11-21 N/A 5.4 MEDIUM
DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter.
CVE-2023-40875 1 Dedecms 1 Dedecms 2024-11-21 N/A 5.4 MEDIUM
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters.
CVE-2023-40874 1 Dedecms 1 Dedecms 2024-11-21 N/A 5.4 MEDIUM
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters.
CVE-2023-40869 1 Moosocial 1 Moosocial 2024-11-21 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary code via a crafted script to the edit_menu, copuon, and group_categorias functions.
CVE-2023-40851 1 User Registration \& Login And User Management System With Admin Panel Project 1 User Registration \& Login And User Management System With Admin Panel 2024-11-21 N/A 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to run arbitrary code via fname, lname, email, and contact fields of the user registration page.
CVE-2023-40817 1 Opencrx 1 Opencrx 2024-11-21 N/A 6.1 MEDIUM
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field.
CVE-2023-40816 1 Opencrx 1 Opencrx 2024-11-21 N/A 6.1 MEDIUM
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field.
CVE-2023-40815 1 Opencrx 1 Opencrx 2024-11-21 N/A 6.1 MEDIUM
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field.
CVE-2023-40814 1 Opencrx 1 Opencrx 2024-11-21 N/A 6.1 MEDIUM
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field.
CVE-2023-40813 1 Opencrx 1 Opencrx 2024-11-21 N/A 6.1 MEDIUM
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation.
CVE-2023-40812 1 Opencrx 1 Opencrx 2024-11-21 N/A 6.1 MEDIUM
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field.
CVE-2023-40810 1 Opencrx 1 Opencrx 2024-11-21 N/A 6.1 MEDIUM
OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field.
CVE-2023-40809 1 Opencrx 1 Opencrx 2024-11-21 N/A 6.1 MEDIUM
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number.
CVE-2023-40786 1 Hkcms 1 Hkcms 2024-11-21 N/A 5.4 MEDIUM
HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowing administrator cookies to be stolen.
CVE-2023-40755 1 Phpjabbers 1 Callback Widget 2024-11-21 N/A 6.1 MEDIUM
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0.
CVE-2023-40753 1 Phpjabbers 1 Ticket Support Script 2024-11-21 N/A 5.4 MEDIUM
There is a Cross Site Scripting (XSS) vulnerability in the message parameter of index.php in PHPJabbers Ticket Support Script v3.2.
CVE-2023-40752 1 Phpjabbers 1 Make An Offer Widget 2024-11-21 N/A 6.1 MEDIUM
There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0.
CVE-2023-40751 1 Phpjabbers 1 Fundraising Script 2024-11-21 N/A 6.1 MEDIUM
PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripting (XSS) via the "action" parameter of index.php.
CVE-2023-40750 1 Phpjabbers 1 Yacht Listing Script 2024-11-21 N/A 6.1 MEDIUM
There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0.
CVE-2023-40705 1 I-pro 1 Video Insight 2024-11-21 N/A 5.4 MEDIUM
Stored cross-site scripting vulnerability in Map setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script.
CVE-2023-40684 1 Ibm 1 Content Navigator 2024-11-21 N/A 4.6 MEDIUM
IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 264019.
CVE-2023-40681 1 Groundhogg 1 Groundhogg 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11.10 versions.
CVE-2023-40680 1 Yoast 1 Yoast Seo 2024-11-21 N/A 5.9 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS.This issue affects Yoast SEO: from n/a through 21.0.
CVE-2023-40677 1 Gopiplus 1 Vertical Marquee 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical marquee plugin <= 7.1 versions.
CVE-2023-40676 1 Wp-slimstat 1 Slimstat Analytics 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin <= 5.0.8 versions.
CVE-2023-40675 1 Pluginops 1 Landing Page Builder 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PluginOps Landing Page Builder plugin <= 1.5.1.2 versions.
CVE-2023-40674 1 Getlasso 1 Simple Urls 2024-11-21 N/A 6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lasso Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management allows Stored XSS.This issue affects Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management: from n/a through 118.
CVE-2023-40669 1 Twinpictures 1 Collapse-o-matic 2024-11-21 N/A 6.5 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in twinpictures, baden03 Collapse-O-Matic plugin <= 1.8.5.5 versions.
CVE-2023-40668 1 Pdfcrowd 1 Save As Pdf 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd plugin <= 2.16.0 versions.
CVE-2023-40667 1 Getlasso 1 Simple Urls 2024-11-21 N/A 7.1 HIGH
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lasso Simple URLs plugin <= 117 versions.
CVE-2023-40665 1 Pdfcrowd 1 Save As Image 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfcrowd Save as Image plugin by Pdfcrowd plugin <= 2.16.0 versions.
CVE-2023-40664 1 Rednao 1 Smart Donations 2024-11-21 N/A 7.1 HIGH
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy – Smart Donations plugin <= 4.0.12 versions.
CVE-2023-40663 1 Rextheme 1 Wp Vr 2024-11-21 N/A 7.1 HIGH
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rextheme WP VR plugin <= 8.3.4 versions.
CVE-2023-40659 1 Joomboost 1 Easy Quick Contact 2024-11-21 N/A 6.1 MEDIUM
A reflected XSS vulnerability was discovered in the Easy Quick Contact module for Joomla.
CVE-2023-40658 1 Deconf 1 Clicky Analytics Dashboard 2024-11-21 N/A 6.1 MEDIUM
A reflected XSS vulnerability was discovered in the Clicky Analytics Dashboard module for Joomla.
CVE-2023-40657 1 Artio 1 Joomdoc 2024-11-21 N/A 6.1 MEDIUM
A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla.
CVE-2023-40656 1 Plasma-web 1 Quickform 2024-11-21 N/A 6.1 MEDIUM
A reflected XSS vulnerability was discovered in the Quickform component for Joomla.
CVE-2023-40655 1 Mooj 1 Proforms 2024-11-21 N/A 6.1 MEDIUM
A reflected XSS vulnerability was discovered in the Proforms Basic component for Joomla.
CVE-2023-40628 1 Extplorer 1 Extplorer 2024-11-21 N/A 6.1 MEDIUM
A reflected XSS vulnerability was discovered in the Extplorer component for Joomla.
CVE-2023-40627 1 Mlwebtechnologies 1 Livingword 2024-11-21 N/A 6.1 MEDIUM
A reflected XSS vulnerability was discovered in the LivingWord component for Joomla.