5210 matches found

Source: WPVulnDB | added 2023/06/02 12:00 a.m. | 7 views

Page Builder by AZEXO <= 1.27.133 - Cross-Site Request Forgery (CSRF) to Stored XSS

The plugin does not protect the ajax actions azhsave against CSRF attacks, allowing an unauthenticated attacker to modify posts by tricking a logged-in user with rights to edit the post into submitting a crafted request. Furthermore, if the targeted user has a role of editor or above, arbitrary web...

CVSS 6.1 | AI score 6.2 | EPSS 0.00113 | Exploits 0 | References 1 | Affected Software 1
Source: WPVulnDB | added 2023/06/02 12:00 a.m. | 13 views

Contact Form Builder by vcita < 4.10.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the email parameter in the plugin settings, which could allow users with roles as low as contributor to inject arbitrary web scripts targeting higher privileged users, such as administrators, into the plugin settings. PoC...

CVSS 6.4 | AI score 5.9 | EPSS 0.00215 | Exploits 1 | References 2 | Affected Software 1
Source: WPVulnDB | added 2023/06/02 12:00 a.m. | 20 views

Online Booking & Scheduling Calendar for WordPress by vcita < 4.3.1 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitize and escape the businessid parameter of an unprotected REST route endpoint before rendering it back in pages on the website, allowing an unauthenticated attacker to inject arbitrary web scripts, which could target authenticated users such as administrators. PoC curl...

CVSS 7.2 | AI score 6.7 | EPSS 0.03906 | Exploits 1 | References 1 | Affected Software 1
Source: WPVulnDB | added 2023/06/02 12:00 a.m. | 14 views

Multiple plugins by vcita - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the email field in the plugin settings, which could allow users with roles as low as contributor to inject arbitrary web scripts into the plugin settings page, which could target high-privilege users such as administrators. PoC...

CVSS 6.4 | AI score 6.7 | EPSS 0.00407 | Exploits 2 | References 3 | Affected Software 2
Source: WPVulnDB | added 2023/06/02 12:00 a.m. | 18 views

Multiple plugins by vcita - CSRF to Stored XSS in settings page

The plugin does not protect the live-site-parse-vcita-callback settings page against CSRF attacks, allowing an unauthenticated attacker to inject arbitrary web scripts by tricking a logged-in user with contributor role or higher into clicking a link. PoC...

CVSS 6.5 | AI score 6.9 | EPSS 0.00132 | Exploits 2 | References 3 | Affected Software 2
Source: WPVulnDB | added 2023/06/01 12:00 a.m. | 28 views

Bookly < 21.8 - Admin+ Stored Cross-Site Scripting via service titles

The plugin does not sanitize and escape service titles in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed, for example in a multisite setup...

CVSS 4.8 | AI score 6.6 | EPSS 0.00392 | Exploits 0 | References 1 | Affected Software 1
Source: OSV | added 2023/05/31 3:30 p.m. | 11 views

GHSA-P74V-MWVG-8GHP Dcat-Admin vulnerable to Stored Cross-site Scripting

A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter...

CVSS 5.4 | AI score 5.2 | EPSS 0.00198 | Exploits 1 | References 3
Source: Github Security Blog | added 2023/05/31 3:30 p.m. | 26 views

Dcat-Admin vulnerable to Stored Cross-site Scripting

A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter...

CVSS 5.4 | AI score 5.7 | EPSS 0.00198 | Exploits 1 | References 3 | Affected Software 1
Source: OSV | added 2023/05/31 2:15 p.m. | 12 views

CVE-2023-31548

A stored cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 5.4 | AI score 6 | EPSS 0.23499 | Exploits 1 | References 1
Source: Prion | added 2023/05/31 2:15 p.m. | 17 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 4.9 | AI score 5.3 | EPSS 0.23499 | Exploits 1 | References 1 | Affected Software 1
Source: OSV | added 2023/05/31 1:15 p.m. | 12 views

CVE-2023-33736

A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter...

CVSS 5.4 | AI score 5.7 | Exploits 0 | References 1
Source: NVD | added 2023/05/31 1:15 p.m. | 7 views

CVE-2023-33736

A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter...

CVSS 5.4 | AI score 5.2 | EPSS 0.00198 | Exploits 1 | References 1
Source: Prion | added 2023/05/31 1:15 p.m. | 11 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter...

CVSS 4.9 | AI score 5.2 | EPSS 0.00198 | Exploits 1 | References 1 | Affected Software 1
Source: Prion | added 2023/05/31 5:15 a.m. | 18 views

Cross site scripting

The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userfavorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with...

CVSS 4.9 | AI score 5 | EPSS 0.01848 | Exploits 0 | References 4 | Affected Software 1
Source: Cvelist | added 2023/05/31 4:35 a.m. | 16 views

CVE-2023-2304 Favorites <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userfavorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4 | AI score 5.8 | EPSS 0.01848 | Exploits 0 | References 4
Source: Prion | added 2023/05/31 4:15 a.m. | 15 views

Cross site scripting

The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS 4.3 | AI score 4.7 | EPSS 0.00287 | Exploits 2 | References 3 | Affected Software 1
Source: Cvelist | added 2023/05/31 12:00 a.m. | 17 views

CVE-2023-31548

A stored cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

AI score 5.5 | EPSS 0.23499 | Exploits 1 | References 1
Source: WPVulnDB | added 2023/05/30 12:00 a.m. | 22 views

CRM Perks Forms < 1.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the formid field in the plugin settings page, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed, for example in a multisite setup. PoC...

CVSS 4.8 | AI score 5.8 | EPSS 0.00287 | Exploits 2 | References 1 | Affected Software 1
Source: Prion | added 2023/05/26 5:15 p.m. | 7 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the body of a news article...

CVSS 4.9 | AI score 5.3 | EPSS 0.00548 | Exploits 1 | References 1 | Affected Software 1
Source: NVD | added 2023/05/25 5:15 p.m. | 8 views

CVE-2023-33751

A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php...

CVSS 5.4 | AI score 5.3 | EPSS 0.00213 | Exploits 1 | References 1