| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Yudlee themes Mediciti Lite theme <= 1.3.0 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XootiX Side Cart Woocommerce (Ajax) plugin <= 2.2 versions. |
| If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in eLightUp eRocket plugin <= 1.2.4 versions. |
| Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Chill Brilliance theme <= 1.3.1 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Kadiwala Tags Cloud Manager plugin <= 1.0.0 versions. |
| Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed and stored in the server storage.
|
| HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application.
|
| HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.
|
| The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device.
|
| The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor. |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.05.04 versions. |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions. |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Webvitaly Sitekit plugin <= 1.3 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in eggemplo Woocommerce Email Report plugin <= 2.4 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcelotorres Redirect After Login plugin <= 0.1.9 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel Ruiz GuruWalk Affiliates plugin <= 1.0.0 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MrDemonWolf Livestream Notice plugin <= 1.2.0 versions. |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin <= 1.4.9 versions. |
