Export limit exceeded: 47163 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47163 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33208 | 1 Cookie Monster Project | 1 Cookie Monster | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gsmith Cookie Monster plugin <= 1.51 versions. | ||||
| CVE-2023-32965 | 1 Crudlab | 1 Jazz Popups | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CRUDLab Jazz Popups plugin <= 1.8.7 versions. | ||||
| CVE-2023-32962 | 1 Hasthemes | 1 Wishsuite | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in HasTheme WishSuite – Wishlist for WooCommerce plugin <= 1.3.4 versions. | ||||
| CVE-2023-32961 | 1 Zotpress Project | 1 Zotpress | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin <= 7.3.3 versions. | ||||
| CVE-2023-32958 | 1 Nosegraze | 1 Novelist | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nose Graze Novelist plugin <= 1.2.0 versions. | ||||
| CVE-2023-32957 | 1 Dazzlersoft | 1 Team Members Showcase | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dazzlersoft Team Members Showcase plugin <= 1.3.4 versions. | ||||
| CVE-2023-32802 | 1 Woocommerce | 1 Woocommerce Pre-orders | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions. | ||||
| CVE-2023-32801 | 1 Woocommerce | 1 Composite Products | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Composite Products plugin <= 8.7.5 versions. | ||||
| CVE-2023-32800 | 1 Rankmath | 1 Seo Pro | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in One Rank Math SEO PRO plugin <= 3.0.35 versions. | ||||
| CVE-2023-32797 | 1 I13websolution | 1 Video Carousel Slider With Lightbox | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin <= 1.0.22 versions. | ||||
| CVE-2023-32796 | 1 Mingocommerce | 1 Woocommerce Product Enquiry | 2024-11-21 | 7.1 High |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in MingoCommerce WooCommerce Product Enquiry plugin <= 2.3.4 versions. | ||||
| CVE-2023-32793 | 1 Woocommerce | 1 Woocommerce Pre-orders | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions. | ||||
| CVE-2023-32790 | 1 Nxlog | 1 Nxlog Manager | 2024-11-21 | 4.6 Medium |
| Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sanitization of the input parameter. | ||||
| CVE-2023-32746 | 1 Woocommerce | 1 Woocommerce Brands | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions. | ||||
| CVE-2023-32740 | 1 Kunalnagar | 1 Custom 404 Pro | 2024-11-21 | 5.8 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.8.1 versions. | ||||
| CVE-2023-32738 | 1 Xtendify | 1 Eonet Manual User Approve | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alkaweb Eonet Manual User Approve plugin <= 2.1.3 versions. | ||||
| CVE-2023-32693 | 1 Decidim | 1 Decidim | 2024-11-21 | 8.1 High |
| Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.7. | ||||
| CVE-2023-32671 | 1 Buddyboss | 1 Buddyboss | 2024-11-21 | 6.3 Medium |
| A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious javascript payload via POST request when sending an invitation. | ||||
| CVE-2023-32670 | 1 Buddyboss | 1 Buddyboss | 2024-11-21 | 9 Critical |
| Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version , which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is loaded. | ||||
| CVE-2023-32652 | 1 Piigab | 2 M-bus 900s, M-bus 900s Firmware | 2024-11-21 | 8 High |
| PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks. | ||||