Search Results (47148 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-0021 1 Sap 1 Netweaver 2025-02-27 6.1 Medium
Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password, which could lead to reflected Cross-Site scripting. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application.
CVE-2023-1536 1 Answer 1 Answer 2025-02-27 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.
CVE-2023-1527 1 Corebos 1 Corebos 2025-02-27 5.4 Medium
Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to 8.0.
CVE-2024-4293 1 Phpgurukul 1 Doctor Appointment Management System 2025-02-27 3.5 Low
A vulnerability classified as problematic was found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262225 was assigned to this vulnerability.
CVE-2023-0844 1 Kibokolabs 1 Namaste\! Lms 2025-02-27 4.8 Medium
The Namaste! LMS WordPress plugin before 2.6 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2023-0538 1 Campaign Url Builder Project 1 Campaign Url Builder 2025-02-27 5.4 Medium
The Campaign URL Builder WordPress plugin before 1.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2023-0172 1 Saas.group 1 Juicer 2025-02-27 5.4 Medium
The Juicer WordPress plugin before 1.11 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2023-0073 1 Client Logo Carousel Project 1 Client Logo Carousel 2025-02-27 5.4 Medium
The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2022-4661 1 Themelocation 1 Widgets For Woocommerce Products On Elementor 2025-02-27 5.4 Medium
The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2022-4466 1 Connekthq 1 Ajax Load More 2025-02-27 5.4 Medium
The WordPress Infinite Scroll WordPress plugin before 5.6.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0219 1 Wpmanageninja 1 Fluentsmtp 2025-02-27 5.4 Medium
The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks (XSS) when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML.
CVE-2023-24279 1 Opennetworking 1 Onos 2025-02-27 6.1 Medium
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.
CVE-2023-25593 1 Arubanetworks 1 Clearpass Policy Manager 2025-02-27 7.1 High
Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
CVE-2023-25592 1 Arubanetworks 1 Clearpass Policy Manager 2025-02-27 7.1 High
Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
CVE-2023-26457 1 Sap 1 Content Server 2025-02-27 6.1 Medium
SAP Content Server - version 7.53, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can read and modify some sensitive information but cannot delete the data.
CVE-2024-2247 1 Jfrog 1 Artifactory 2025-02-27 8.8 High
JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism.
CVE-2023-5354 1 Getawesomesupport 1 Awesome Support 2025-02-26 6.1 Medium
The Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2023-5228 1 Wpeverest 1 User Registration 2025-02-26 4.8 Medium
The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2023-5181 1 Sarveshmrao 1 Wp Discord Invite 2025-02-26 4.8 Medium
The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2023-4858 1 Topcode 1 Simple Table Manager 2025-02-26 4.8 Medium
The Simple Table Manager WordPress plugin through 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).