Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-29025 1 Rockwellautomation 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more 2024-11-21 4.7 Medium
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
CVE-2023-29024 1 Rockwellautomation 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more 2024-11-21 5.5 Medium
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.
CVE-2023-29023 1 Rockwellautomation 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more 2024-11-21 7 High
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.
CVE-2023-29009 1 Basercms 1 Basercms 2024-11-21 6.1 Medium
baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0.
CVE-2023-28994 1 Uxthemes 1 Flatsome 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in UX-themes Flatsome plugin <= 3.16.8 versions.
CVE-2023-28992 1 Relywp 1 Coupon Affiliates 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP Coupon Affiliates – WooCommerce Affiliate Plugin plugin <= 5.4.3 versions.
CVE-2023-28991 1 Piwebsolution 1 Pi-woocommerce-order-date-time-and-type 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce plugin <= 3.0.19 versions.
CVE-2023-28988 1 Piwebsolution 1 Add-to-cart-direct-checkout-for-woocommerce 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Direct checkout, Add to cart redirect, Quick purchase button, Buy now button, Quick View button for WooCommerce plugin <= 2.1.48 versions.
CVE-2023-28933 1 Stpetedesign 1 Call Now Accessibility Button 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StPeteDesign Call Now Accessibility Button plugin <= 1.1 versions.
CVE-2023-28931 1 Never5 1 Post Connector 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Never5 Post Connector plugin <= 1.0.9 versions.
CVE-2023-28884 1 Misp-project 1 Malware Information Sharing Platform 2024-11-21 6.1 Medium
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
CVE-2023-28875 1 Afian 1 Filerun 2024-11-21 5.4 Medium
A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link.
CVE-2023-28873 1 Seafile 1 Seafile 2024-11-21 5.4 Medium
An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor.
CVE-2023-28819 1 Concretecms 1 Concrete Cms 2024-11-21 3.5 Low
Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names.
CVE-2023-28790 1 Simple Staff List Project 1 Simple Staff List 2024-11-21 5.9 Medium
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.3 versions.
CVE-2023-28785 1 Yoast 1 Yoast Seo 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.9 versions.
CVE-2023-28784 1 Contest-gallery 1 Contest Gallery 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 21.1.2 versions.
CVE-2023-28783 1 Phpradar 1 Woocommerce Tip\/donation 2024-11-21 5.9 Medium
Auth. (shop manager+) Stored Cross-Site Scripting (XSS) vulnerability in PHPRADAR Woocommerce Tip/Donation plugin <= 1.2 versions.
CVE-2023-28779 1 Simplecoding 1 Terms Descriptions 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir Statsenko Terms descriptions plugin <= 3.4.4 versions.
CVE-2023-28778 1 Bestwebsoft 1 Pagination 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Pagination plugin <= 1.2.2 versions.