Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-22310 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Formzu Inc. Formzu WP allows Stored XSS.This issue affects Formzu WP: from n/a through 1.6.7. Published: January 31, 2024; 12:15:38 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2024-22307 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.5.7. Published: January 31, 2024; 12:15:36 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2024-22306 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hometory Mang Board WP allows Stored XSS.This issue affects Mang Board WP: from n/a through 1.7.7. Published: January 31, 2024; 12:15:35 PM -0500 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2024-22302 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignazio Scimone Albo Pretorio On line allows Stored XSS.This issue affects Albo Pretorio On line: from n/a through 4.6.6. Published: January 31, 2024; 12:15:34 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2024-23508 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins PDF Poster – PDF Embedder Plugin for WordPress allows Reflected XSS.This issue affects PDF Poster – PDF Embedder Plugin for WordPress: from n/a through 2.1.17. Published: January 31, 2024; 11:15:47 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2024-23505 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive PDF Viewer & 3D PDF Flipbook – DearPDF allows Stored XSS.This issue affects PDF Viewer & 3D PDF Flipbook – DearPDF: from n/a through 2.0.38. Published: January 31, 2024; 11:15:47 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2024-23502 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in InfornWeb Posts List Designer by Category – List Category Posts Or Recent Posts allows Stored XSS.This issue affects Posts List Designer by Category – List Category Posts Or Recent Posts: from n/a through 3.3.2. Published: January 31, 2024; 11:15:46 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2024-23834 |
Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`. Published: January 30, 2024; 5:15:53 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2024-24556 |
urql is a GraphQL client that exposes a set of helpers for several frameworks. The `@urql/next` package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns `html` tags and that the web-application is using streamed responses (non-RSC). This vulnerability is due to improper escaping of html-like characters in the response-stream. To fix this vulnerability upgrade to version 1.1.1 Published: January 30, 2024; 1:15:48 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-37571 |
Softing TH SCOPE through 3.70 allows XSS. Published: January 29, 2024; 8:15:58 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2024-24135 |
Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks. Published: January 29, 2024; 2:15:08 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-7089 |
The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Published: January 29, 2024; 10:15:09 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-6503 |
The WP Plugin Lister WordPress plugin through 2.1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. Published: January 29, 2024; 10:15:09 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-5378 |
Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2. MegaBIP 5.08 was tested and is not vulnerable. A precise range of vulnerable versions remains unknown. Published: January 29, 2024; 7:15:07 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-7238 |
A XSS payload can be uploaded as a DICOM study and when a user tries to view the infected study inside the Osimis WebViewer the XSS vulnerability gets triggered. If exploited, the attacker will be able to execute arbitrary JavaScript code inside the victim's browser. Published: January 23, 2024; 3:15:45 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-49657 |
A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS. For 2.X versions, users should change their config to include: TALISMAN_CONFIG = { "content_security_policy": { "base-uri": ["'self'"], "default-src": ["'self'"], "img-src": ["'self'", "blob:", "data:"], "worker-src": ["'self'", "blob:"], "connect-src": [ "'self'", " https://api.mapbox.com" https://api.mapbox.com" ;, " https://events.mapbox.com" https://events.mapbox.com" ;, ], "object-src": "'none'", "style-src": [ "'self'", "'unsafe-inline'", ], "script-src": ["'self'", "'strict-dynamic'"], }, "content_security_policy_nonce_in": ["script-src"], "force_https": False, "session_cookie_secure": False, } Published: January 23, 2024; 10:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2024-23725 |
Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries. Published: January 20, 2024; 11:15:19 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2024-23659 |
SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js. Published: January 19, 2024; 12:15:09 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-49943 |
Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet. Published: January 18, 2024; 2:15:09 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-7153 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Macroturk Software and Internet Technologies Macro-Bel allows Reflected XSS.This issue affects Macro-Bel: before V.1.0.1. Published: January 18, 2024; 10:15:09 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |