CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5210 matches found

0day.today•added 2023/04/24 12:0 a.m.•304 views

WordPress PowerPress 10.0 Cross Site Scripting Vulnerability

On April 5, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting XSS vulnerability in Blubrry’s PowerPress plugin, which is actively installed on more than 50,000 WordPress websites. The vulnerability enables threat...

5.4CVSS9.4AI score0.00135EPSS

Exploits1

NVD•added 2023/04/19 12:15 p.m.•13 views

CVE-2023-27776

A stored cross-site scripting XSS vulnerability in /index.php?page=categorylist of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter...

5.4CVSS5.3AI score0.00213EPSS

Exploits1References2

Prion•added 2023/04/19 12:15 p.m.•17 views

Cross site scripting

4.9CVSS5.2AI score0.00213EPSS

Exploits1References2Affected Software1

NVD•added 2023/04/19 10:15 a.m.•12 views

CVE-2023-2169

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to...

5.5CVSS5AI score0.00571EPSS

Exploits0References3

Cvelist•added 2023/04/19 9:38 a.m.•18 views

CVE-2023-2169 TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting

5.5CVSS5.2AI score0.00571EPSS

Exploits0References3

Vulnrichment•added 2023/04/19 9:38 a.m.•10 views

CVE-2023-2168

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Suggest Terms Title field in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inje...

5.5CVSS5.1AI score0.00462EPSS

Exploits0References3

Cvelist•added 2023/04/19 9:38 a.m.•20 views

CVE-2023-2168 TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting

5.5CVSS5.2AI score0.00462EPSS

Exploits0References3

Cvelist•added 2023/04/19 12:0 a.m.•15 views

CVE-2023-27776

5.4AI score0.00213EPSS

Exploits1References2

NVD•added 2023/04/18 2:15 a.m.•8 views

CVE-2023-2120

The Thumbnail carousel slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.03681EPSS

Exploits0References3

NVD•added 2023/04/18 2:15 a.m.•12 views

CVE-2023-2119

The Responsive Filterable Portfolio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.0.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.03681EPSS

Exploits0References3

Prion•added 2023/04/18 2:15 a.m.•17 views

Cross site scripting

5.8CVSS6AI score0.03681EPSS

Exploits0References3Affected Software1

Prion•added 2023/04/18 2:15 a.m.•14 views

Cross site scripting

5.8CVSS6AI score0.03681EPSS

Exploits0References3Affected Software1

Cvelist•added 2023/04/18 1:57 a.m.•19 views

CVE-2023-2120 Thumbnail carousel slider <= 1.1.9 - Reflected Cross-Site Scripting

6.1CVSS6.2AI score0.03681EPSS

Exploits0References3

OSV•added 2023/04/14 2:15 p.m.•12 views

CVE-2023-29847

AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting XSS vulnerabilities via the commentauthor and commentcontent parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.4CVSS6.2AI score0.00198EPSS

Exploits1References1

Prion•added 2023/04/14 2:15 p.m.•18 views

Cross site scripting

4.9CVSS5.4AI score0.00198EPSS

Exploits1References1Affected Software1

Positive Technologies•added 2023/04/14 12:0 a.m.•3 views

PT-2023-22443 · Aerocms · Aerocms

Name of the Vulnerable Software and Affected Versions: AeroCMS version 0.0.1 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload, exploiting multiple stored cross-site scripting XSS vulnerabilities. These vulnerabilities are accessible via the...

5.4CVSS5.6AI score0.00198EPSS

Exploits1References5

Vulnrichment•added 2023/04/14 12:0 a.m.•7 views

CVE-2023-29847

5.5AI score0.00198EPSS

Exploits1References1

NVD•added 2023/04/11 3:15 p.m.•8 views

CVE-2023-26846

A stored cross-site scripting XSS vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates...

5.4CVSS5.3AI score0.00213EPSS

Exploits0References2

OSV•added 2023/04/11 3:15 p.m.•12 views

CVE-2023-26846

5.4CVSS5.7AI score0.00213EPSS

Exploits0References2

OSV•added 2023/04/11 3:15 p.m.•12 views

CVE-2023-26847

A stored cross-site scripting XSS vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates...

5.4CVSS5.7AI score0.00548EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by