4382 matches found

CVE
added 2024/05/02 4:51 p.m. | 56 views

CVE-2024-4334

CVE-2024-4334 affects Supreme Modules Lite for Divi (WordPress) via DOM-Based XSS in the typing_cursor parameter up to and including version 2.5.3 due to insufficient input sanitization/output escaping. Exploitation requires authenticated access at contributor level or higher, targeting pages loa...

CVSS 6.4 | AI score 6 | EPSS 0.00563
Exploits: 0 | References: 5

Vulnrichment
added 2024/05/02 4:51 p.m. | 10 views

CVE-2024-4334 Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder <= 2.5.3 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting

The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the ‘typingcursor’ parameter in versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 | AI score 6.1 | EPSS 0.00563
Exploits: 0 | References: 5

Cvelist
added 2024/05/02 4:51 p.m. | 20 views

CVE-2024-4334 Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder <= 2.5.3 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting

The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the ‘typingcursor’ parameter in versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 | AI score 6.6 | EPSS 0.00563
Exploits: 0 | References: 5

Patchstack
added 2024/05/02 2:34 a.m. | 5 views

WordPress Supreme Modules Lite plugin <= 2.5.3 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Supreme Modules Lite versions <= 2.5.3...

CVSS 6.4 | AI score 6.3 | EPSS 0.00563
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/05/02 12:0 a.m. | 49 views

Elementor Website Builder Pro < 3.21.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

Description: The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

CVSS 6.4 | AI score 5.9 | EPSS 0.00419
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2024/04/29 12:3 p.m. | 3 views

WordPress Getwid – Gutenberg Blocks plugin <= 2.0.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Countdown' vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via 'Countdown' vulnerability discovered by Webbernaut in WordPress Plugin Getwid versions <= 2.0.7...

CVSS 6.4 | AI score 5.8 | EPSS 0.00535
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2024/04/29 5:15 a.m. | 3 views

CVE-2024-33648

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kemory Grubb Recencio Book Reviews allows DOM-Based XSS. This issue affects Recencio Book Reviews: from n/a through 1.66.0...

CVSS 6.5 | AI score 5.5
Exploits: 0 | References: 3

NVD
added 2024/04/10 4:15 a.m. | 15 views

CVE-2024-2666

The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Bullet List Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 5.4 | AI score 5.1 | EPSS 0.00441
Exploits: 0 | References: 2

Cvelist
added 2024/04/10 3:31 a.m. | 20 views

CVE-2024-2666 Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Bullet List Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 5.4 | AI score 5.2 | EPSS 0.00441
Exploits: 0 | References: 2

CVE
added 2024/04/10 3:31 a.m. | 52 views

CVE-2024-2666

CVE-2024-2666 affects the Premium Addons for Elementor plugin for WordPress. The Red Hat and initial CVE records describe a DOM-Based Stored Cross-Site Scripting vulnerability in the plugin’s Bullet List Widget, present in all versions up to and including 4.10.24. The issue stems from insufficien...

CVSS 5.4 | AI score 5.7 | EPSS 0.00441
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/04/10 3:31 a.m. | 15 views

CVE-2024-2666 Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Bullet List Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 5.4 | AI score 6.1 | EPSS 0.00441
Exploits: 0 | References: 2

Vulnrichment
added 2024/04/04 6:35 p.m. | 17 views

CVE-2024-29193 GHSL-2023-207 gotortc DOM-based Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API in the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...

CVSS 6.1 | AI score 5.9 | EPSS 0.00453
Exploits: 1 | References: 1

CVE
added 2024/04/04 6:35 p.m. | 113 views

CVE-2024-29193

CVE-2024-29193 affects gotortc (go2rtc) where DOM-based XSS arises from lack of input sanitization when rendering API data on index.html via innerHTML. Affected versions: 1.8.5 and prior. The index page fetches streams client-side, iterates with Object.entries, and appends the first item with inn...

CVSS 6.1 | AI score 5.9 | EPSS 0.00453
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2024/04/04 6:35 p.m. | 24 views

CVE-2024-29193 GHSL-2023-207 gotortc DOM-based Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API in the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...

CVSS 6.1 | AI score 6.1 | EPSS 0.00453
Exploits: 1 | References: 1

NVD
added 2024/04/04 3:15 p.m. | 32 views

CVE-2024-29191

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being appended is innerHTML 1, which will insert th...

CVSS 6.1 | AI score 6 | EPSS 0.00447
Exploits: 1 | References: 2

Vulnrichment
added 2024/04/04 2:52 p.m. | 14 views

CVE-2024-29191 GHSL-2023-205 gotortc DOM-based Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being appended is innerHTML 1, which will insert th...

CVSS 6.1 | AI score 6 | EPSS 0.00447
Exploits: 1 | References: 2

Cvelist
added 2024/04/04 2:52 p.m. | 40 views

CVE-2024-29191 GHSL-2023-205 gotortc DOM-based Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being appended is innerHTML 1, which will insert th...

CVSS 6.1 | AI score 6.2 | EPSS 0.00447
Exploits: 1 | References: 2

OSV
added 2024/04/04 2:52 p.m. | 26 views

CVE-2024-29191 GHSL-2023-205 gotortc DOM-based Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being appended is innerHTML 1, which will insert th...

CVSS 6.1 | AI score 5.8 | EPSS 0.00447
Exploits: 1 | References: 4

NVD
added 2024/04/04 9:15 a.m. | 17 views

CVE-2024-20800

Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim’s browser when they...

CVSS 5.4 | AI score 5.6 | EPSS 0.00459
Exploits: 0 | References: 1

Cvelist
added 2024/04/04 8:59 a.m. | 23 views

CVE-2024-20800 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim’s browser when they...

CVSS 5.4 | AI score 5.7 | EPSS 0.00459
Exploits: 0 | References: 1