Search Results
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-51723 | This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Description parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system. Published: January 17, 2024; 2:15:48 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-51722 | This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Time Server 3 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system. Published: January 17, 2024; 2:15:47 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-51721 | This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Time Server 2 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system. Published: January 17, 2024; 2:15:47 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-51720 | This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Time Server 1 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system. Published: January 17, 2024; 2:15:46 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-51719 | This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Traceroute parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system. Published: January 17, 2024; 2:15:45 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-7084 | The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated user, such as a subscriber, to perform Stored XSS attacks. Published: January 16, 2024; 11:15:14 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-7083 | The Voting Record WordPress plugin through 2.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. Published: January 16, 2024; 11:15:13 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-0824 | The User registration & user profile WordPress plugin through 2.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. Published: January 16, 2024; 11:15:10 AM -0500 | V3.1: 6.5 MEDIUM V2.0: (not available) |
CVE-2023-0479 | The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the edit_others_shop_orders capability. WooCommerce must be installed and active. This vulnerability is caused by a urldecode() after cleanup with esc_url_raw(), allowing double encoding. Published: January 16, 2024; 11:15:10 AM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2022-3194 | The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary JavaScript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators. Published: January 16, 2024; 11:15:09 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-1618 | The Coru LFMember WordPress plugin through 1.0.2 does not have a CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in its settings, allowing an attacker to make a logged-in admin add an arbitrary game with XSS payloads. Published: January 16, 2024; 11:15:09 AM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2022-1617 | The WP-Invoice WordPress plugin through 4.3.1 does not have a CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing an attacker to make a logged-in admin change them and add an XSS payload in them. Published: January 16, 2024; 11:15:09 AM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2021-24567 | The Simple Post WordPress plugin through 1.1 does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue. Published: January 16, 2024; 11:15:09 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2024-0314 | XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to a session hijacking. Published: January 15, 2024; 11:15:12 AM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2023-51064 | QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based reflected XSS vulnerability within the component qnme-ajax?method=tree_table. Published: January 12, 2024; 11:15:07 PM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2023-50072 | A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the XSS. Published: January 12, 2024; 8:15:38 PM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2024-22142 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS. This issue affects Profile Builder Pro: from n/a through 3.10.0. Published: January 12, 2024; 7:15:44 PM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2024-22137 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS. This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11. Published: January 12, 2024; 7:15:44 PM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2024-22494 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML. Published: January 12, 2024; 11:15:52 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2024-22493 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML. Published: January 12, 2024; 11:15:52 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |