Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendWP Import Content in WordPress & WooCommerce with Excel allows Reflected XSS.This issue affects Import Content in WordPress & WooCommerce with Excel: from n/a through...
7.1CVSS
7.4AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet...
4.3CVSS
7.5AI Score
0.0005EPSS
7.8CVSS
8.1AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Stored XSS.This issue affects Import Spreadsheets from Microsoft Excel: from n/a through...
5.4CVSS
7.1AI Score
0.0004EPSS
7.8CVSS
8.1AI Score
0.003EPSS
7.8CVSS
7.3AI Score
0.001EPSS
The Live updates from Excel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ipushpull_page' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
5.4CVSS
6.2AI Score
0.0004EPSS
5.5CVSS
5.4AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.001EPSS
5.5CVSS
5.4AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.001EPSS
7.8CVSS
7.8AI Score
0.005EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files allows Stored XSS via upload of SVG and HTML files. This issue...
5.4CVSS
5.5AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.005EPSS
7.1CVSS
6.2AI Score
0.001EPSS
5.5CVSS
6AI Score
0.001EPSS
8.8CVSS
8.2AI Score
0.007EPSS
7.8CVSS
8.2AI Score
0.001EPSS
7.3CVSS
7.1AI Score
0.0005EPSS
A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2). The affected component is vulnerable to XML Entity Expansion Injection. An attacker may use this to.....
6.5CVSS
6.3AI Score
0.001EPSS
7.8CVSS
7.8AI Score
0.003EPSS
7.8CVSS
7.7AI Score
0.003EPSS
7.8CVSS
7.7AI Score
0.007EPSS
7.8CVSS
7.8AI Score
0.005EPSS
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no...
9.8CVSS
9.4AI Score
0.002EPSS
5.5CVSS
5.3AI Score
0.001EPSS
8.8CVSS
8.6AI Score
0.032EPSS
7.8CVSS
7.7AI Score
0.03EPSS
7.8CVSS
7.6AI Score
0.382EPSS
5.5CVSS
6AI Score
0.0004EPSS
7.8CVSS
7.5AI Score
0.03EPSS
7.8CVSS
7.5AI Score
0.03EPSS
7.8CVSS
7.5AI Score
0.017EPSS
7.8CVSS
7.5AI Score
0.031EPSS
The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including...
6.1CVSS
6AI Score
0.001EPSS
7.8CVSS
8.1AI Score
0.041EPSS
7.8CVSS
8.1AI Score
0.016EPSS
7.8CVSS
7.6AI Score
0.016EPSS
A vulnerability has been identified in Mendix Excel Importer Module (All versions < V9.0.3). Uploading a manipulated XML File results in an exception that could expose information about the Application-Server and the used...
4.3CVSS
4.3AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.012EPSS
5.5CVSS
6AI Score
0.002EPSS
7.8CVSS
7.7AI Score
0.01EPSS
7.8CVSS
7.8AI Score
0.106EPSS
5.5CVSS
6AI Score
0.0004EPSS
5.5CVSS
5.9AI Score
0.009EPSS
7.8CVSS
7.7AI Score
0.104EPSS
7.8CVSS
7.7AI Score
0.104EPSS