Total
28117 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-35708 | 1 Apollo13themes | 1 Rife Free | 2024-07-12 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in apollo13themes Rife Free allows Stored XSS.This issue affects Rife Free: from n/a through 2.4.19. | |||||
CVE-2024-27183 | 1 Dj-extensions | 1 Dj-helpfularticles | 2024-07-12 | N/A | 6.1 MEDIUM |
XSS vulnerability in DJ-HelpfulArticles component for Joomla. | |||||
CVE-2024-4655 | 1 Dotcamp | 1 Ultimate Blocks | 2024-07-12 | N/A | 5.4 MEDIUM |
The Ultimate Blocks WordPress plugin before 3.1.9 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
CVE-2024-6025 | 1 Expresstech | 1 Quiz And Survey Master | 2024-07-12 | N/A | 5.4 MEDIUM |
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.5 does not sanitise and escape some of its Quiz settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks | |||||
CVE-2024-6026 | 1 10web | 1 Slider | 2024-07-12 | N/A | 5.4 MEDIUM |
The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks | |||||
CVE-2024-6138 | 1 Ays-pro | 1 Secure Copy Content Protection And Content Locking | 2024-07-12 | N/A | 4.8 MEDIUM |
The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2024-6256 | 1 Smashballoon | 1 Feeds For Youtube | 2024-07-12 | N/A | 5.4 MEDIUM |
The Feeds for YouTube (YouTube video, channel, and gallery plugin) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'youtube-feed' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-6528 | 1 Schneider-electric | 10 Modicon Lmc058, Modicon Lmc058 Firmware, Modicon M241 and 7 more | 2024-07-12 | N/A | 6.1 MEDIUM |
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload. | |||||
CVE-2024-4477 | 1 Onetarek | 1 Wp Logs Book | 2024-07-12 | N/A | 5.4 MEDIUM |
The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting | |||||
CVE-2024-40740 | 1 Netbox | 1 Netbox | 2024-07-12 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/{id}/edit/. | |||||
CVE-2024-40733 | 1 Netbox | 1 Netbox | 2024-07-12 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/{id}/edit/. | |||||
CVE-2024-40618 | 2024-07-12 | N/A | 9.6 CRITICAL | ||
Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension. | |||||
CVE-2024-2375 | 1 2code | 1 Wpqa Builder | 2024-07-12 | N/A | 5.4 MEDIUM |
The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks | |||||
CVE-2023-5942 | 1 Drelton | 1 Medialist | 2024-07-12 | N/A | 5.4 MEDIUM |
The Medialist WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
CVE-2023-5343 | 1 Ays-pro | 1 Popup Box | 2024-07-12 | N/A | 4.8 MEDIUM |
The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
CVE-2023-2707 | 1 Gappointments | 1 Gappointments | 2024-07-12 | N/A | 4.8 MEDIUM |
The gAppointments WordPress plugin through 1.9.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2024-37554 | 1 Codeastrology | 1 Ultraaddons | 2024-07-12 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeAstrology Team UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode).This issue affects UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode): from n/a through 1.1.6. | |||||
CVE-2024-37553 | 1 Axelerant | 1 Testimonials Widget | 2024-07-12 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axelerant Testimonials Widget allows Stored XSS.This issue affects Testimonials Widget: from n/a through 4.0.4. | |||||
CVE-2024-5802 | 1 Mythemeshop | 1 Url Shortener | 2024-07-12 | N/A | 4.8 MEDIUM |
The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
CVE-2024-38971 | 1 Vaethink | 1 Vaethink | 2024-07-12 | N/A | 5.4 MEDIUM |
vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting (XSS) in the system backend. |