CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5210 matches found

Prion•added 2024/02/01 8:50 p.m.•22 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments parameter at /travel-journal/write-journal.php...

5.8CVSS5.9AI score0.00278EPSS

Exploits1References2Affected Software1

Prion•added 2024/02/01 4:15 a.m.•16 views

Cross site scripting

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

4.9CVSS5.9AI score0.0013EPSS

Exploits0References2Affected Software1

Cvelist•added 2024/02/01 12:0 a.m.•14 views

CVE-2024-24945

6.1AI score0.00278EPSS

Exploits1References2

NVD•added 2024/01/31 3:15 a.m.•9 views

CVE-2023-2439

The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS5.7AI score0.00082EPSS

Exploits0References2

Prion•added 2024/01/31 3:15 a.m.•18 views

Cross site scripting

4.9CVSS5.9AI score0.00082EPSS

Exploits0References2Affected Software1

Prion•added 2024/01/29 8:15 p.m.•9 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

4.9CVSS5.7AI score0.00078EPSS

Exploits0References1Affected Software1

Cvelist•added 2024/01/29 12:0 a.m.•18 views

CVE-2024-22570

A stored cross-site scripting XSS vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.4AI score0.00078EPSS

Exploits0References1

Prion•added 2024/01/27 6:15 a.m.•17 views

Cross site scripting

The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes...

4.3CVSS5.9AI score0.00128EPSS

Exploits1References3Affected Software1

Cvelist•added 2024/01/27 5:38 a.m.•11 views

CVE-2024-0618 Fluent Forms <= 5.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title

4.4CVSS4.9AI score0.00128EPSS

Exploits1References3

WPVulnDB•added 2024/01/26 12:0 a.m.•13 views

PDF Poster - PDF Embedder Plugin for WordPress < 2.1.18 - Reflected Cross-Site Scripting

Description The PDF Poster - PDF Embedder Plugin for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.1.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

5.8CVSS6.1AI score0.00083EPSS

Exploits0References1Affected Software1

NVD•added 2024/01/25 3:15 a.m.•13 views

CVE-2024-0625

The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpfront-notification-bar-optionscustomclass’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for...

4.8CVSS4.4AI score0.00191EPSS

Exploits0References3

Prion•added 2024/01/25 3:15 a.m.•16 views

Cross site scripting

4.3CVSS6AI score0.00191EPSS

Exploits0References3Affected Software1

Prion•added 2024/01/24 2:15 p.m.•19 views

Cross site scripting

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

5.8CVSS6.6AI score0.57109EPSS

Exploits0References2Affected Software1

Cvelist•added 2024/01/24 1:52 p.m.•18 views

CVE-2023-6697 WP Go Maps (formerly WP Google Maps) <= 9.0.28 - Reflected Cross-Site Scripting

6.1CVSS6.1AI score0.57109EPSS

Exploits0References2

NVD•added 2024/01/24 8:15 a.m.•12 views

CVE-2024-0665

The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6AI score0.00656EPSS

Exploits0References3

Prion•added 2024/01/24 8:15 a.m.•16 views

Cross site scripting

5.8CVSS6.6AI score0.00656EPSS

Exploits0References3Affected Software1

Cvelist•added 2024/01/24 7:30 a.m.•19 views

CVE-2024-0665 WP Customer Area <= 8.2.2 - Reflected Cross-Site Scripting

6.1CVSS6.2AI score0.00656EPSS

Exploits0References3

WPVulnDB•added 2024/01/24 12:0 a.m.•22 views

Shield Security < 18.5.8 - Unauthenticated Stored Cross-Site Scripting

Description The plugin is vulnerable to Stored Cross-Site Scripting via the getColumnContentPage function due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user...

7.1CVSS6AI score0.00083EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2024/01/24 12:0 a.m.•13 views

Robo Gallery < 3.2.18 - Author+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting idue to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...

5.9CVSS5.7AI score0.00051EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2024/01/24 12:0 a.m.•7 views

Posts List Designer by Category < 3.3.3 - Contributor+ Stored Cross-Site Scripting

Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...

4.9CVSS5.3AI score0.00084EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by