Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-23732 |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Disqus Conditional Load plugin <= 11.0.6 versions. Published: May 09, 2023; 7:15:09 AM -0400 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2023-23793 |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eightweb Interactive Read More Without Refresh plugin <= 3.1 versions. Published: May 09, 2023; 6:15:10 AM -0400 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2023-23664 |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ConvertBox ConvertBox Auto Embed WordPress plugin <= 1.0.19 versions. Published: May 09, 2023; 6:15:10 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-41640 |
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Rymera Web Co Wholesale Suite plugin <= 2.1.5 versions. Published: May 09, 2023; 6:15:10 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-23863 |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions. Published: May 09, 2023; 4:15:08 AM -0400 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2023-30742 |
SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user's session. The information from the victim's session could then be modified or read by the attacker. Published: May 08, 2023; 10:15:12 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-29188 |
SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data. Published: May 08, 2023; 9:15:08 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-22710 |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidevs Return and Warranty Management System for WooCommerce plugin <= 1.2.3 versions. Published: May 08, 2023; 7:15:09 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-24376 |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions. Published: May 08, 2023; 6:15:09 PM -0400 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2023-23894 |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Surbma Surbma | GDPR Proof Cookie Consent & Notice Bar plugin <= 17.5.3 versions. Published: May 08, 2023; 6:15:09 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-31183 |
Cybonet PineApp Mail Secure A reflected cross-site scripting (XSS) vulnerability was identified in the product, using an unspecified endpoint. Published: May 08, 2023; 5:15:12 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-31180 |
WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - Reflected cross-site scripting (RXSS) through an unspecified request. Published: May 08, 2023; 5:15:12 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-30334 |
AsmBB v2.9.1 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the MiniMag.asm and bbcode.asm libraries. Published: May 08, 2023; 5:15:11 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-2582 |
A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting (XSS) in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the __proto__ or constructor properties and the Object prototype. By leveraging an embedded gadget like jQuery, an attacker who convinces a victim to visit a specially crafted link could achieve arbitrary javascript execution in the context of the user's browser. Published: May 08, 2023; 5:15:11 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-28493 |
Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes NewsMag theme <= 2.4.4 versions. Published: May 08, 2023; 11:15:10 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-24408 |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.4 versions. Published: May 08, 2023; 11:15:10 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-47439 |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket Apps Open Graphite plugin <= 1.6.0 versions. Published: May 08, 2023; 11:15:09 AM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-47437 |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Branko Borilovic WSB Brands plugin <= 1.1.8 versions. Published: May 08, 2023; 11:15:09 AM -0400 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2022-45065 |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly SEO Plugin by Squirrly SEO plugin <= 12.1.20 versions. Published: May 08, 2023; 11:15:09 AM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-1660 |
The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard Published: May 08, 2023; 10:15:13 AM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |