ReportizFlow
Filtered by vendor
Subscriptions
Total
45086 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6362 | 1 Dotcamp | 1 Ultimate Blocks | 2025-05-29 | 4.6 Medium |
| The Ultimate Blocks WordPress plugin before 3.2.0 does not validate and escape some of its post-grid block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-6223 | 2 Yasir, Yasirwazir | 2 Send Email Only On Reply To My Comment, Send Email Only On Reply To My Comment | 2025-05-29 | 6.1 Medium |
| The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-6224 | 2 Elance360, Yasirwazir | 2 Send-email-only-on-reply-to-my-comment, Send Email Only On Reply To My Comment | 2025-05-29 | 5.9 Medium |
| The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2023-43953 | 1 Sscms | 1 Sscms | 2025-05-29 | 5.4 Medium |
| SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component. | ||||
| CVE-2024-51108 | 1 Anujk305 | 1 Medical Card Generation System | 2025-05-29 | 5.4 Medium |
| Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fromdate and todate parameters. | ||||
| CVE-2024-51107 | 1 Anujk305 | 1 Medical Card Generation System | 2025-05-29 | 4.8 Medium |
| Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle, pagedes, and email parameters. | ||||
| CVE-2024-48702 | 1 Phpgurukul | 1 Old Age Home Management System | 2025-05-29 | 5.4 Medium |
| PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter. | ||||
| CVE-2024-24134 | 1 Remyandrade | 1 Online Food Menu | 2025-05-29 | 4.8 Medium |
| Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section. | ||||
| CVE-2024-22639 | 1 Igalerie | 1 Igalerie | 2025-05-29 | 6.1 Medium |
| iGalerie v3.0.22 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Titre (Title) field in the editing interface. | ||||
| CVE-2024-22559 | 1 Lightcms Project | 1 Lightcms | 2025-05-29 | 5.4 Medium |
| LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field. | ||||
| CVE-2024-22551 | 1 Ushainformatique | 1 Whatacart | 2025-05-29 | 6.1 Medium |
| WhatACart v2.0.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /site/default/search. | ||||
| CVE-2023-6530 | 1 Theme-junkie | 1 Tj Shortcodes | 2025-05-29 | 5.4 Medium |
| The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-48202 | 1 Sunlight-cms | 1 Sunlight Cms | 2025-05-29 | 5.4 Medium |
| Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component. | ||||
| CVE-2023-48201 | 1 Sunlight-cms | 1 Sunlight Cms | 2025-05-29 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1, allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component. | ||||
| CVE-2022-38527 | 1 Ucms Project | 1 Ucms | 2025-05-29 | 6.1 Medium |
| UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page. | ||||
| CVE-2024-4756 | 1 Wpbackpack | 1 Wp Backpack | 2025-05-29 | 5.4 Medium |
| The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-23855 | 1 Ajaysharma | 1 Cups Easy | 2025-05-29 | 8.2 High |
| A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodemodify.php, in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | ||||
| CVE-2024-21620 | 1 Juniper | 105 Ex2200, Ex2200-c, Ex2200-vc and 102 more | 2025-05-29 | 8.8 High |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. A specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S10; * 21.2 versions earlier than 21.2R3-S8; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3-S1; * 23.2 versions earlier than 23.2R2; * 23.4 versions earlier than 23.4R2. | ||||
| CVE-2024-23856 | 1 Ajaysharma | 1 Cups Easy | 2025-05-29 | 8.2 High |
| A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemlist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | ||||
| CVE-2024-23857 | 1 Ajaysharma | 1 Cups Easy | 2025-05-29 | 8.2 High |
| A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlinecreate.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | ||||