Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-25364 | Opswat Metadefender Core before 5.2.1 does not properly defend against potential HTML injection and XSS attacks. Published: March 27, 2024; 3:15:47 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28335 | Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is running on the same machine as the "lektor server" command. Published: March 27, 2024; 2:15:19 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-25926 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IndiaNIC Widgets Controller allows Reflected XSS. This issue affects Widgets Controller: from n/a through 1.1. Published: March 27, 2024; 2:15:18 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-25920 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS. This issue affects WP SMS: from n/a through 6.3.4. Published: March 27, 2024; 2:15:18 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-24842 | Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance. This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through 11.30.2. Published: March 27, 2024; 2:15:17 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-24800 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AdTribes.Io Product Feed PRO for WooCommerce allows Reflected XSS. This issue affects Product Feed PRO for WooCommerce: from n/a through 13.2.5. Published: March 27, 2024; 2:15:16 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-24700 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Rojas WP Editor allows Reflected XSS. This issue affects WP Editor: from n/a through 1.2.8. Published: March 27, 2024; 2:15:16 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-22311 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N Squared Simply Schedule Appointments allows Reflected XSS. This issue affects Simply Schedule Appointments: from n/a through 1.6.6.20. Published: March 27, 2024; 2:15:15 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-22300 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS. This issue affects Email Subscribers & Newsletters: from n/a through 5.7.11. Published: March 27, 2024; 2:15:14 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-22299 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Reflected XSS. This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212. Published: March 27, 2024; 2:15:14 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-22288 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Reflected XSS. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.4.0. Published: March 27, 2024; 2:15:13 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-22149 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann CformsII allows Stored XSS. This issue affects CformsII: from n/a through 15.0.5. Published: March 27, 2024; 2:15:12 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-52228 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through 2.0.24. Published: March 27, 2024; 2:15:11 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-49815 | Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress. This issue affects WappPress: from n/a through 5.0.3. Published: March 27, 2024; 2:15:10 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-46052 | Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file. Published: March 27, 2024; 2:15:10 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-46051 | TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem. Published: March 27, 2024; 2:15:10 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-46049 | LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem. Published: March 27, 2024; 2:15:10 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-39306 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder allows Reflected XSS. This issue affects Fusion Builder: from n/a through 3.11.1. Published: March 27, 2024; 2:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-31854 | std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is disputed because it should be categorized as a usability problem. Published: March 27, 2024; 2:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-31634 | In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the default username and password can be used to enter the Grafana management console without logging in, a related issue to CVE-2022-23126. Published: March 27, 2024; 2:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |