Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20965 | 1 Ultimatemember | 1 Ultimate Member | 2023-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ultimate-member plugin before 2.0.4 for WordPress has XSS. | |||||
| CVE-2019-13478 | 1 Yoast | 1 Yoast Seo | 2023-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions. | |||||
| CVE-2016-10872 | 1 Ultimatemember | 1 Ultimate Member | 2023-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form. | |||||
| CVE-2017-18499 | 1 Simple-membership-plugin | 1 Simple Membership | 2023-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The simple-membership plugin before 3.5.7 for WordPress has XSS. | |||||
| CVE-2015-9304 | 1 Ultimatemember | 1 Ultimate Member | 2023-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input. | |||||
| CVE-2015-9320 | 1 Optiontree Project | 1 Optiontree | 2023-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg. | |||||
| CVE-2019-14948 | 1 Najeebmedia | 1 Ppom For Woocommerce | 2023-02-24 | 3.5 LOW | 5.4 MEDIUM |
| The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure. | |||||
| CVE-2017-18508 | 1 Wp-livechat | 1 Wp Live Chat Support | 2023-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS. | |||||
| CVE-2019-14949 | 1 Wpseeds | 1 Wp Database Backup | 2023-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-database-backup plugin before 5.1.2 for WordPress has XSS. | |||||
| CVE-2020-23226 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2023-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php. | |||||
| CVE-2023-23467 | 1 Mediacp | 1 Media Control Panel | 2023-02-24 | N/A | 6.1 MEDIUM |
| Media CP Media Control Panel latest version. Reflected XSS possible through unspecified endpoint. | |||||
| CVE-2021-43137 | 1 Hostel Management System Project | 1 Hostel Management System | 2023-02-24 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover. | |||||
| CVE-2021-40555 | 1 Flatcore | 1 Flatcore | 2023-02-23 | N/A | 5.4 MEDIUM |
| Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form. | |||||
| CVE-2016-10953 | 1 Headwaythemes | 1 Headway | 2023-02-23 | 3.5 LOW | 5.4 MEDIUM |
| The Headway theme before 3.8.9 for WordPress has XSS via the license key field. | |||||
| CVE-2022-25978 | 1 Usememos | 1 Memos | 2023-02-23 | N/A | 6.1 MEDIUM |
| All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme. | |||||
| CVE-2022-48110 | 1 Ckeditor | 1 Ckeditor | 2023-02-23 | N/A | 6.1 MEDIUM |
| ** DISPUTED ** CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator (who is adding CKEditor 5 functionality to a website) to choose the correct security settings for their use case. Also, safe default values are established (e.g., config.htmlEmbed.showPreviews is false). | |||||
| CVE-2022-47373 | 1 Pandorafms | 1 Pandora Fms | 2023-02-23 | N/A | 6.1 MEDIUM |
| Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malicious JavaScript payload. | |||||
| CVE-2022-47372 | 1 Pandorafms | 1 Pandora Fms | 2023-02-23 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload. | |||||
| CVE-2022-24891 | 3 Netapp, Oracle, Owasp | 4 Active Iq Unified Manager, Oncommand Workflow Automation, Weblogic Server and 1 more | 2023-02-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin. | |||||
| CVE-2022-29577 | 2 Antisamy Project, Oracle | 3 Antisamy, Enterprise Manager Base Platform, Weblogic Server | 2023-02-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367. | |||||