1312 matches found
CVE-2023-29434
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress plugin <= 1.3.1 versions...
CVE-2023-29423
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Cancel order request / Return order / Repeat Order / Reorder for WooCommerce plugin <= 1.3.2 versions...
CVE-2023-28044
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable...
CVE-2023-27452
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.3 versions...
CVE-2023-26534 WordPress WP Repost Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in OneWebsite WP Repost plugin <= 0.1 versions...
CVE-2023-27439
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in glSPICE New Adman plugin <= 1.6.8 versions...
CVE-2023-26541
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Suess asMember plugin <= 1.5.4 versions...
CVE-2023-32114
SAP NetWeaver Change and Transport System - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly with the intent to slow down or make the server unavailable which may lead to a limited impact ...
CVE-2023-32582
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kyle Maurer Don8 plugin <= 0.4 versions...
CVE-2023-31756
A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an...
CVE-2022-47157
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don Benjamin WP Custom Fields Search plugin <= 1.2.34 versions...
OS command injection vulnerability in Inaba Denki Sangyo Wi-Fi AP UNIT
Overview: Wi-Fi AP UNIT provided by Inaba Denki Sangyo Co., Ltd. contains an OS command injection vulnerability (CWE-78). Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact: An arbitrary OS command may be executed by an authenticat...
Cross site scripting
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed...
CVE-2023-25491
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Samuel Marshall JCH Optimize plugin <= 3.2.2 versions...
CVE-2022-46852
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Table Builder plugin <= 1.4.6 versions...
CVE-2023-22683
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themis Solutions, Inc. Clio Grow plugin <= 1.0.0 versions...
CVE-2023-22921
A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) condition...
DEBIAN-CVE-2021-23186
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system...
CVE-2023-1623
The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user-supplied email, which could allow attackers to make a logged-in admin send such information to an arbitrary email address via a CSRF attack...
CVE-2023-23806
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davinder Singh Custom Settings plugin <= 1.0 versions...