ReportizFlow
Filtered by vendor
Subscriptions
Total
31622 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4507 | 1 Zvijerka | 1 Admission Appmanager | 2024-08-19 | 6.1 Medium |
| The Admission AppManager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'q' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-43320 | 2024-08-19 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through 3.9. | ||||
| CVE-2024-7914 | 2 Oretnom23, Sourcecodester | 2 Yoga Class Registration System, Yoga Class Registration System | 2024-08-19 | 3.5 Low |
| A vulnerability classified as problematic has been found in SourceCodester Yoga Class Registration System 1.0. Affected is an unknown function of the file /php-ycrs/classes/SystemSettings.php. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-43284 | 2024-08-19 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Stored XSS.This issue affects WP Travel Gutenberg Blocks: from n/a through 3.5.1. | ||||
| CVE-2024-43263 | 2024-08-19 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Visual Composer Visual Composer Starter allows Stored XSS.This issue affects Visual Composer Starter: from n/a through 3.3. | ||||
| CVE-2024-43348 | 2024-08-19 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iznyn Purity Of Soul allows Reflected XSS.This issue affects Purity Of Soul: from n/a through 1.9. | ||||
| CVE-2024-43346 | 2024-08-19 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wow-Company Modal Window allows Stored XSS.This issue affects Modal Window: from n/a through 6.0.3. | ||||
| CVE-2024-43306 | 2024-08-19 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP-Lister Lite for eBay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.6.0. | ||||
| CVE-2024-43304 | 2024-08-19 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Reflected XSS.This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.8.0. | ||||
| CVE-2024-43294 | 2024-08-19 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BoldThemes Bold Timeline Lite allows Stored XSS.This issue affects Bold Timeline Lite: from n/a through 1.2.0. | ||||
| CVE-2024-43349 | 2024-08-19 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AREOI All Bootstrap Blocks allows Stored XSS.This issue affects All Bootstrap Blocks: from n/a through 1.3.19. | ||||
| CVE-2024-43347 | 2024-08-19 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VirusTran Button contact VR allows Stored XSS.This issue affects Button contact VR: from n/a through 4.7.3. | ||||
| CVE-2024-43344 | 2024-08-19 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Icegram allows Stored XSS.This issue affects Icegram: from n/a through 3.1.25. | ||||
| CVE-2024-43307 | 2024-08-19 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content allows Stored XSS.This issue affects Structured Content: from n/a through 1.6.2. | ||||
| CVE-2024-43305 | 2024-08-19 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Code Amp Custom Layouts – Post + Product grids made easy allows Stored XSS.This issue affects Custom Layouts – Post + Product grids made easy: from n/a through 1.4.11. | ||||
| CVE-2024-43303 | 2024-08-19 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in videousermanuals.Com White Label CMS allows Reflected XSS.This issue affects White Label CMS: from n/a through 2.7.4. | ||||
| CVE-2024-43009 | 1 Zzcms | 1 Zzcms | 2024-08-19 | 4.7 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in user/login.php at line 24 in ZZCMS 2023 and earlier. The application directly inserts the value of the HTTP_REFERER header into the HTML response without proper sanitization. An attacker can exploit this vulnerability by tricking a user into visiting a specially crafted URL, which includes a malicious Referer header. This can lead to the execution of arbitrary JavaScript code in the context of the victim's browser, potentially resulting in session hijacking, defacement, or other malicious activities. | ||||
| CVE-2024-43292 | 2024-08-19 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.16. | ||||
| CVE-2024-43267 | 2024-08-19 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Qamar Sheeraz, Nasir Ahmad, GenialSouls Mega Addons For Elementor allows Stored XSS.This issue affects Mega Addons For Elementor: from n/a through 1.9. | ||||
| CVE-2024-7300 | 1 Bolt | 1 Bolt Cms | 2024-08-19 | 3.5 Low |
| A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Affected is an unknown function of the file /bolt/editcontent/showcases of the component Showcase Creation Handler. The manipulation of the argument title/textarea leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life. | ||||