Total: 36915 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-38827 | 1 Follettlearning | 1 Solutions Destiny | 2025-06-03 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in Follett School Solutions Destiny v.20_0_1_AU4 and later allows a remote attacker to run arbitrary code via presentonesearchresultsform.do. | |||||
CVE-2023-26998 | 1 Netscout | 1 Ngeniusone | 2025-06-03 | N/A | 5.4 MEDIUM |
Cross Site Scripting vulnerability found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page. | |||||
CVE-2024-22776 | 1 Wallosapp | 1 Wallos | 2025-06-03 | N/A | 4.7 MEDIUM |
Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields. | |||||
CVE-2024-51508 | 1 Tiki | 1 Tiki | 2025-06-03 | N/A | 4.8 MEDIUM |
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index. | |||||
CVE-2024-51509 | 1 Tiki | 1 Tiki | 2025-06-03 | N/A | 4.8 MEDIUM |
Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored XSS payload in the Name. | |||||
CVE-2024-51507 | 1 Tiki | 1 Tiki | 2025-06-03 | N/A | 4.8 MEDIUM |
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name. | |||||
CVE-2024-51506 | 1 Tiki | 1 Tiki | 2025-06-03 | N/A | 4.8 MEDIUM |
Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description. | |||||
CVE-2024-23178 | 1 Mediawiki | 1 Mediawiki | 2025-06-03 | N/A | 5.4 MEDIUM |
An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message. | |||||
CVE-2024-23177 | 1 Mediawiki | 1 Mediawiki | 2025-06-03 | N/A | 6.1 MEDIUM |
An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter. | |||||
CVE-2024-23173 | 1 Mediawiki | 1 Mediawiki | 2025-06-03 | N/A | 6.1 MEDIUM |
An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php. | |||||
CVE-2024-22494 | 1 Jfinalcms Project | 1 Jfinalcms | 2025-06-03 | N/A | 5.4 MEDIUM |
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2024-22492 | 1 Jfinalcms Project | 1 Jfinalcms | 2025-06-03 | N/A | 5.4 MEDIUM |
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2023-7071 | 1 Wpdeveloper | 1 Essential Blocks | 2025-06-03 | N/A | 6.4 MEDIUM |
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2023-6988 | 1 Extendthemes | 1 Colibri Page Builder | 2025-06-03 | N/A | 6.4 MEDIUM |
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extend_builder_render_js shortcode in all versions up to, and including, 1.0.239 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2023-6924 | 1 10web | 1 Photo Gallery | 2025-06-03 | N/A | 4.4 MEDIUM |
The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with administrator-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It can also be exploited with a contributor-level permission with a page builder plugin. | |||||
CVE-2023-6882 | 1 Simple-membership-plugin | 1 Simple Membership | 2025-06-03 | N/A | 6.1 MEDIUM |
The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environment_mode’ parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
CVE-2023-6684 | 1 Vowelweb | 1 Ibtana | 2025-06-03 | N/A | 6.4 MEDIUM |
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ive' shortcode in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on the 'width' and 'height' user-supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2023-6050 | 1 Estatik | 1 Estatik | 2025-06-03 | N/A | 6.1 MEDIUM |
The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. | |||||
CVE-2023-5691 | 1 Collect.chat | 1 Chatbot | 2025-06-03 | N/A | 4.4 MEDIUM |
The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
CVE-2023-51068 | 1 Qstar | 1 Archive Storage Manager | 2025-06-03 | N/A | 5.4 MEDIUM |
An authenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary JavaScript in a victim's browser via a crafted link. |