Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-26888 | 1 Intel | 1 Quartus Prime | 2023-03-06 | N/A | 4.1 MEDIUM |
Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2023-0934 | 1 Answer | 1 Answer | 2023-03-06 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.5. | |||||
CVE-2023-26608 | 1 Vxcontrol | 1 Soldr | 2023-03-06 | N/A | 5.4 MEDIUM |
SOLDR (System of Orchestration, Lifecycle control, Detection and Response) 1.1.0 allows stored XSS via the module editor. | |||||
CVE-2022-38220 | 1 Quest | 1 Kace Systems Management Appliance | 2023-03-06 | N/A | 6.1 MEDIUM |
An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML. | |||||
CVE-2023-0034 | 1 Crocoblock | 1 Jetwidgets For Elementor | 2023-03-06 | N/A | 5.4 MEDIUM |
The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2021-32852 | 1 Count | 1 Countly Server | 2023-03-05 | N/A | 9.0 CRITICAL |
Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from a malicious web site. The attacker must have an account or be able to create one. This issue is patched in version 21.11. | |||||
CVE-2023-0043 | 1 Add User Project | 1 Add User | 2023-03-05 | N/A | 6.1 MEDIUM |
The Custom Add User WordPress plugin through 2.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
CVE-2023-0585 | 1 Aioseo | 1 All In One Seo | 2023-03-05 | N/A | 4.8 MEDIUM |
The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2023-0230 | 1 Vektor-inc | 1 Vk All In One Expansion Unit | 2023-03-03 | N/A | 5.4 MEDIUM |
The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0168 | 1 Olevmedia | 1 Olevmedia Shortcodes | 2023-03-03 | N/A | 5.4 MEDIUM |
The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-24251 | 1 Wangeditor | 1 Wangeditor | 2023-03-03 | N/A | 5.4 MEDIUM |
WangEditor v5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /dist/index.js. | |||||
CVE-2023-0334 | 1 Shortpixel | 1 Shortpixel Adaptive Images | 2023-03-03 | N/A | 6.1 MEDIUM |
The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin. | |||||
CVE-2023-0548 | 1 Kibokolabs | 1 Namaste! Lms | 2023-03-03 | N/A | 4.8 MEDIUM |
The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2023-0543 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2023-03-03 | N/A | 4.8 MEDIUM |
The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2023-0535 | 1 Donation Block For Paypal Project | 1 Donation Block For Paypal | 2023-03-03 | N/A | 5.4 MEDIUM |
The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0539 | 1 Gsplugins | 1 Gs Insever Portfolio | 2023-03-03 | N/A | 5.4 MEDIUM |
The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4829 | 1 Show-hide / Collapse-expand Project | 1 Show-hide / Collapse-expand | 2023-03-03 | N/A | 5.4 MEDIUM |
The Show-Hide / Collapse-Expand WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2023-0586 | 1 Aioseo | 1 All In One Seo | 2023-03-03 | N/A | 5.4 MEDIUM |
The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor+ role to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2023-1081 | 1 Microweber | 1 Microweber | 2023-03-03 | N/A | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. | |||||
CVE-2023-1117 | 1 Pimcore | 1 Pimcore | 2023-03-03 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. |