| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The AI Content Writer, RSS Feed to Post, Autoblogging SEO Help plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound TTT Crop allows Reflected XSS. This issue affects TTT Crop: from n/a through 1.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in oleglark VKontakte Cross-Post allows Stored XSS. This issue affects VKontakte Cross-Post: from n/a through 0.3.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lexicata Lexicata allows Reflected XSS. This issue affects Lexicata: from n/a through 1.0.16. |
| The Logo Carousel Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sliderId’ parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 1), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 16), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly validate the input provided in the login dialog box. An attacker could leverage this vulnerability to cause a persistent denial of service condition. |
| Deserialization of Untrusted Data vulnerability in ssvadim SS Quiz allows Object Injection. This issue affects SS Quiz: from n/a through 2.0.5. |
| Missing Authorization vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0.
|
| All versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability, the user must take an action, such as clicking on a portal button or using the browser’s back button, to trigger the redirection. |
| Cross-Site Request Forgery (CSRF) vulnerability in Fastmover Plugins Last Updated Column allows Cross Site Request Forgery. This issue affects Plugins Last Updated Column: from n/a through 0.1.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hanhdo205 Bang tinh vay allows Stored XSS. This issue affects Bang tinh vay: from n/a through 1.0.1. |
| Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through 1.3.31. |
| An issue in SUPERAntiSyware Professional X 10.0.1262 and 10.0.1264 allows unprivileged attackers to escalate privileges via a restore of a crafted DLL file into the C:\Program Files\SUPERAntiSpyware folder. |
| A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micha I Plant A Tree allows Stored XSS.This issue affects I Plant A Tree: from n/a through 1.7.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in LinkLaunder.com LinkLaunder SEO allows Stored XSS.This issue affects LinkLaunder SEO: from n/a through 0.92.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in Alberto Reineri Simple Header and Footer allows Stored XSS.This issue affects Simple Header and Footer: from n/a through 1.0.0. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Authentication vulnerability in Soliloquy Team Slider by Soliloquy allows Cross-Site Scripting (XSS).This issue affects Slider by Soliloquy: from n/a through 2.7.6. |
| Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit a38b9046e9772612fda847b46308f9391a49891e. |
| An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. This vulnerability allows an attacker to perform a brute force attack on the application and recover a valid session, because the application uses a five-digit integer value. |
