ReportizFlow
Filtered by vendor
Subscriptions
Total
45092 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-44852 | 1 Cobham | 2 Sailor 600 Vsat Ku, Sailor 600 Vsat Ku Firmware | 2025-05-27 | 8.2 High |
| Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_traps_decode function in the acu_web file. | ||||
| CVE-2020-25730 | 1 Zoneminder | 1 Zoneminder | 2025-05-27 | 8.2 High |
| Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php. | ||||
| CVE-2023-4709 | 1 Totvs | 1 Rm | 2025-05-27 | 3.1 Low |
| A vulnerability classified as problematic has been found in TOTVS RM 12.1. Affected is an unknown function of the file Login.aspx of the component Portal. The manipulation of the argument VIEWSTATE leads to cross site scripting. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. It is possible to mitigate the problem by applying the configuration setting <pages validateRequest="true" [...] viewStateEncryptionMode="Always" />. It is recommended to change the configuration settings. The vendor was initially contacted early about this disclosure but did not respond in any way. In a later statement he explains, that "the behavior described [...] is related to specific configurations that are not part of the default application setup. In standard production environments, the relevant feature (VIEWSTATE) is disabled by default, which effectively mitigates the risk of exploitation." | ||||
| CVE-2025-2206 | 1 Aitangbao | 1 Springboot-manager | 2025-05-26 | 2.4 Low |
| A vulnerability classified as problematic has been found in aitangbao springboot-manager 3.0. This affects an unknown part of the file /sys/permission. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-0692 | 1 Maximize | 1 Simple Video Management System | 2025-05-26 | 3.5 Low |
| The Simple Video Management System WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-13332 | 1 Kwmsources | 1 Transfinanz | 2025-05-26 | 6.1 Medium |
| The TransFinanz WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2025-1830 | 1 Zframeworks | 1 Zz | 2025-05-26 | 2.4 Low |
| A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as problematic. This issue affects some unknown processing of the component Customer Information Handler. The manipulation of the argument Customer Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-12723 | 1 Infility | 1 Infility Global | 2025-05-24 | 6.1 Medium |
| The Infility Global WordPress plugin through 2.9.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2021-34660 | 1 Verygoodplugins | 1 Wp Fusion | 2025-05-23 | 6.1 Medium |
| The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the ~/includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.37.18. | ||||
| CVE-2021-34640 | 1 Securimage-wp-fixed Project | 1 Securimage-wp-fixed | 2025-05-23 | 6.1 Medium |
| The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4. | ||||
| CVE-2021-34655 | 1 Wp Songbook Project | 1 Wp Songbook | 2025-05-23 | 6.1 Medium |
| The WP Songbook WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the url parameter found in the ~/inc/class.ajax.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.11. | ||||
| CVE-2021-34658 | 1 Keszites | 1 Simple Popup Newsletter | 2025-05-23 | 6.1 Medium |
| The Simple Popup Newsletter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/simple-popup-newsletter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.7. | ||||
| CVE-2021-34663 | 1 Arvtard | 1 Jquery Tagline Rotator | 2025-05-23 | 6.1 Medium |
| The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/jquery-tagline-rotator.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.5. | ||||
| CVE-2021-34659 | 1 Sizmic | 1 Plugmatter Pricing Table | 2025-05-23 | 6.1 Medium |
| The Plugmatter Pricing Table Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `email` parameter in the ~/license.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.32. | ||||
| CVE-2021-34664 | 1 Moova | 1 Moova For Woocommerce | 2025-05-23 | 6.1 Medium |
| The Moova for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the lat parameter in the ~/Checkout/Checkout.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5. | ||||
| CVE-2021-34665 | 1 Wp Seo Tags Project | 1 Wp Seo Tags | 2025-05-23 | 6.1 Medium |
| The WP SEO Tags WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the saq_txt_the_filter parameter in the ~/wp-seo-tags.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2.7. | ||||
| CVE-2024-13382 | 1 Codepeople | 1 Calculated Fields Form | 2025-05-23 | 4.8 Medium |
| The Calculated Fields Form WordPress plugin before 5.2.64 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-13729 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-05-23 | 4.8 Medium |
| The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-13730 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-05-23 | 4.8 Medium |
| The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2012-3040 | 1 Siemens | 18 Simatic S7-1200, Simatic S7-1200 Cpu 1211c, Simatic S7-1200 Cpu 1211c Firmware and 15 more | 2025-05-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. | ||||