Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45817 | | | 2023-03-17 | N/A | N/A |
Cross-Site Scripting (XSS) vulnerability in Erin Garscadden GC Testimonials plugin <= 1.3.2 versions. | |||||
CVE-2022-45814 | | | 2023-03-17 | N/A | N/A |
Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen WP Calendar plugin <= 1.5.3 versions. | |||||
CVE-2022-43461 | | | 2023-03-17 | N/A | N/A |
Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow SE plugin <= 2.5.5 versions. | |||||
CVE-2023-1470 | | | 2023-03-17 | N/A | N/A |
The eCommerce Product Catalog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
CVE-2023-1172 | | | 2023-03-17 | N/A | N/A |
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2023-26040 | | | 2023-03-17 | N/A | N/A |
Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the `tests-passed` branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version 3.1.0.beta3 of the `tests-passed` branch. There are no known workarounds. | |||||
CVE-2023-0150 | 1 Cloak Front End Email Project | 1 Cloak Front End Email | 2023-03-17 | N/A | 5.4 MEDIUM |
The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-3837 | 1 Wpmanage | 1 Uji Countdown | 2023-03-17 | N/A | 4.8 MEDIUM |
The Uji Countdown WordPress plugin before 2.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2021-24705 | 1 Basixonline | 1 Nex-forms | 2023-03-17 | 3.5 LOW | 4.8 MEDIUM |
The NEX-Forms WordPress plugin before 8.3.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged-in admin edit arbitrary forms with Cross-Site Scripting payloads in them. | |||||
CVE-2023-0070 | 1 Responsivevoice | 1 Responsivevoice Text To Speech | 2023-03-17 | N/A | 5.4 MEDIUM |
The ResponsiveVoice Text To Speech WordPress plugin before 1.7.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-27494 | | | 2023-03-16 | N/A | N/A |
Streamlit, software for turning data scripts into web applications, had a cross-site scripting (XSS) vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit app(s) were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with JavaScript payloads to a Streamlit app. The attacker could then trick the user into visiting the malicious URL and, if successful, the server would render the malicious JavaScript payload as-is, leading to XSS. Version 0.81.0 contains a patch for this vulnerability. | |||||
CVE-2023-1359 | 1 Gadget Works Online Ordering System Project | 1 Gadget Works Online Ordering System | 2023-03-16 | N/A | 4.8 MEDIUM |
A vulnerability has been found in SourceCodester Gadget Works Online Ordering System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /philosophy/admin/user/controller.php?action=add of the component Add New User. The manipulation of the argument U_NAME leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222862 is the identifier assigned to this vulnerability. | |||||
CVE-2023-1363 | 1 Computer Parts Sales And Inventory System Project | 1 Computer Parts Sales And Inventory System | 2023-03-16 | N/A | 5.4 MEDIUM |
A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add User Account. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222870 is the identifier assigned to this vulnerability. | |||||
CVE-2023-1372 | 1 Webhostings | 1 Wh Testimonials | 2023-03-16 | N/A | 6.1 MEDIUM |
The WH Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters such as wh_homepage, wh_text_short, wh_text_full and in versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2023-1374 | 1 Solidres | 1 Solidres | 2023-03-16 | N/A | 4.8 MEDIUM |
The Solidres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'currency_name' parameter in versions up to, and including, 0.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2022-47171 | 1 Ip Vault - Wp Firewall Project | 1 Ip Vault - Wp Firewall | 2023-03-16 | N/A | 4.8 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul C. Schroeder IP Vault – WP Firewall plugin <= 1.1 versions. | |||||
CVE-2022-23791 | 1 Firmanet | 1 Customer Relation Manager | 2023-03-16 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS). This issue affects Customer Relation Manager: before 2022.03.13. | |||||
CVE-2023-24921 | 1 Microsoft | 1 Dynamics 365 | 2023-03-16 | N/A | 5.4 MEDIUM |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
CVE-2023-24920 | 1 Microsoft | 1 Dynamics 365 | 2023-03-16 | N/A | 5.4 MEDIUM |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
CVE-2023-24919 | 1 Microsoft | 1 Dynamics 365 | 2023-03-16 | N/A | 5.4 MEDIUM |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |