
6239 matches found

CNVD
added 2024/10/30 12:00 a.m. · 7 views

Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2024-43204)

Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, which arises from insufficient validation of user-supplied input in the web management interface, and can ...

CVSS 5.4 · AI score 6.6 · EPSS 0.0038
Exploits 0 · References 1

Positive Technologies
added 2024/10/29 12:00 a.m. · 8 views

PT-2024-32698 · Wedevs · Wedevs Wp Erp

Name of the Vulnerable Software and Affected Versions: weDevs WP ERP versions 1.13.2 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS attacks. Recommendations: For...

CVSS 7.1 · AI score 5.7 · EPSS 0.00343
Exploits 0 · References 5

OSV
added 2024/10/28 6:15 p.m. · 1 views

CVE-2024-50438

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Reflected XSS. This issue affects Church Admin: from n/a before 5.0.0...

CVSS 6.1 · AI score 5.8
Exploits 0 · References 1

Vulnrichment
added 2024/10/28 12:42 p.m. · 9 views

CVE-2024-50502 WordPress Cozy Blocks plugin <= 2.0.18 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CozyThemes Cozy Blocks (cozy-addons) allows DOM-Based XSS. This issue affects Cozy Blocks: from n/a through <= 2.0.18...

CVSS 6.5 · AI score 5.9 · EPSS 0.00239
Exploits 0 · References 1

OSV
added 2024/10/26 9:15 a.m. · 2 views

CVE-2024-9967

The WP show more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's showmore shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.4 · AI score 6 · EPSS 0.00334
Exploits 0 · References 6

Cvelist
added 2024/10/24 6:22 p.m. · 30 views

CVE-2024-46994 baserCMS has Cross-site Scripting Vulnerability in Blog posts and Contents list Feature

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue...

CVSS 5.4 · EPSS 0.0028
Exploits 0 · References 2

OSV
added 2024/10/23 4:15 p.m. · 2 views

CVE-2024-49701

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Theme Horse Mags. This issue affects Mags: from n/a through 1.1.6...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 1

OpenVAS
added 2024/10/23 12:00 a.m. · 8 views

Discourse < 3.3.1, 3.4.x < 3.4.0.beta1 DoS Vulnerability

Discourse is prone to a cross-site scripting (XSS) vulnerability...

CVSS 7.5 · AI score 5.7 · EPSS 0.00443
Exploits 0 · References 1

Patchstack
added 2024/10/21 12:00 a.m. · 7 views

WordPress Campus Explorer Widget Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)

Software: Campus Explorer Widget; Type: Plugin; Vulnerable versions: <= 1.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-49660; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: f8147e5ae215; Credits: Mika; Required privilege...

CVSS 7.1 · AI score 6.5 · EPSS 0.00281
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/10/18 9:57 a.m. · 16 views

CVE-2024-49225 WordPress wpPricing Builder plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in swebdeveloper wpPricing Builder (wppricing-builder-lite-responsive-pricing-table-builder) allows Stored XSS. This issue affects wpPricing Builder: from n/a through <= 1.5.0...

CVSS 6.5 · EPSS 0.0025
Exploits 0 · References 1

OSV
added 2024/10/18 5:15 a.m. · 3 views

CVE-2024-9452

The Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inje...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 2

Patchstack
added 2024/10/18 2:50 a.m. · 3 views

WordPress Advanced Category and Custom Taxonomy Image plugin <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via ad_tax_image Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via ad_tax_image Shortcode vulnerability discovered by theviper17y in WordPress Plugin Advanced Category and Custom Taxonomy Image versions <= 1.0.9...

CVSS 6.4 · AI score 5.8 · EPSS 0.00295
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2024/10/17 12:00 a.m. · 10 views

WordPress Gantry 4 Framework Plugin <= 4.1.21 is vulnerable to Cross Site Scripting (XSS)

Software: Gantry 4 Framework; Type: Plugin; Vulnerable versions: <= 4.1.21; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9382; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 2e1bc106a0d6; Credits: vgo0; Required...

CVSS 6.1 · AI score 5.6 · EPSS 0.00309
Exploits 0 · References 2 · Affected Software 1

CNVD
added 2024/10/17 12:00 a.m. · 12 views

Esri Portal For ArcGIS Cross-Site Scripting Vulnerability (CNVD-2024-41006)

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute (Esri) that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from a cross-site scripting vulnerability that can be...

CVSS 6.1 · AI score 6.2 · EPSS 0.00302
Exploits 0 · References 1

CNVD
added 2024/10/17 12:00 a.m. · 7 views

Esri Portal For ArcGIS Cross-Site Scripting Vulnerability (CNVD-2024-41008)

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute (Esri) that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from a cross-site scripting vulnerability that can be...

CVSS 6.1 · AI score 6.4 · EPSS 0.00302
Exploits 0 · References 1

CNNVD
added 2024/10/16 12:00 a.m. · 7 views

WordPress plugin Formidable Form Builder Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 8.3 · AI score 6 · EPSS 0.00999
Exploits 2 · References 5

Patchstack
added 2024/10/15 12:00 a.m. · 8 views

WordPress Cooked Pro Plugin < 1.8.0 is vulnerable to Cross Site Scripting (XSS)

Software: Cooked Pro; Type: Plugin; Vulnerable versions: < 1.8.0; Fixed in: 1.8.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-49289; Patch priority: Low; CVSS severity: Low (6.5); PSID: bde6da8a46e5; Credits: RE-ALTER; Required privilege: Contributor...

CVSS 6.5 · AI score 6.5 · EPSS 0.00235
Exploits 0 · References 1 · Affected Software 1

Veracode
added 2024/10/11 8:26 a.m. · 7 views

Cross-Site Scripting (XSS)

phpoffice/phpspreadsheet is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of input where a number is expected, allowing an attacker to perform formula injection through direct concatenation of user-supplied parameters into spreadsheet formulas...

CVSS 7.1 · AI score 6.3 · EPSS 0.00466
Exploits 1 · References 6 · Affected Software 1

Patchstack
added 2024/10/10 8:09 p.m. · 3 views

WordPress Tainacan plugin <= 0.21.10 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Tainacan versions <= 0.21.10...

CVSS 6.1 · AI score 6.3 · EPSS 0.00399
Exploits 0 · References 1 · Affected Software 1

Veracode
added 2024/10/10 2:17 p.m. · 8 views

Cross-site Scripting (XSS)

LimeSurvey is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization, allowing a remote attacker to execute arbitrary code by injecting a crafted script into the title and comment fields...

CVSS 6.1 · AI score 6.8 · EPSS 0.00535
Exploits 0 · References 3 · Affected Software 1