Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-1916

Summary
Assigner-WPScan
Assigner Org ID-1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81
Published At-27 Jun, 2022 | 08:58
Updated At-03 Aug, 2024 | 00:17
Rejected At-
Credits

Active Products Tables for WooCommerce < 1.0.5 - Reflected Cross-Site-Scripting

The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected cross-Site Scripting

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:WPScan
Assigner Org ID:1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81
Published At:27 Jun, 2022 | 08:58
Updated At:03 Aug, 2024 | 00:17
Rejected At:
▼CVE Numbering Authority (CNA)
Active Products Tables for WooCommerce < 1.0.5 - Reflected Cross-Site-Scripting

The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected cross-Site Scripting

Affected Products
Vendor
Unknown
Product
Active Products Tables for WooCommerce. Professional products tables for WooCommerce store 
Versions
Affected
  • From 1.0.5 before 1.0.5 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Cross-site Scripting (XSS)
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Cross-site Scripting (XSS)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
cydave
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wpscan.com/vulnerability/d16a0c3d-4318-4ecd-9e65-fc4165af8808
x_refsource_MISC
Hyperlink: https://wpscan.com/vulnerability/d16a0c3d-4318-4ecd-9e65-fc4165af8808
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wpscan.com/vulnerability/d16a0c3d-4318-4ecd-9e65-fc4165af8808
x_refsource_MISC
x_transferred
Hyperlink: https://wpscan.com/vulnerability/d16a0c3d-4318-4ecd-9e65-fc4165af8808
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:contact@wpscan.com
Published At:27 Jun, 2022 | 09:15
Updated At:15 Feb, 2024 | 15:17

The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected cross-Site Scripting

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
PluginUs.Net (RealMag777)
pluginus
>>woot>>Versions before 1.0.5(exclusive)
cpe:2.3:a:pluginus:woot:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarycontact@wpscan.com
CWE ID: CWE-79
Type: Primary
Source: contact@wpscan.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://wpscan.com/vulnerability/d16a0c3d-4318-4ecd-9e65-fc4165af8808contact@wpscan.com
Exploit
Third Party Advisory
Hyperlink: https://wpscan.com/vulnerability/d16a0c3d-4318-4ecd-9e65-fc4165af8808
Source: contact@wpscan.com
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

17509Records found
CVE-2024-22159
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.94%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 18:12
Updated-12 Nov, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WOLF Plugin <= 1.0.8 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional allows Reflected XSS.This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-wolf_-_wordpress_posts_bulk_editor_and_products_manager_professionalWOLF – WordPress Posts Bulk Editor and Manager Professional
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-25043
Matching Score-10
Assigner-WPScan
ShareView Details
Matching Score-10
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.21% / 43.58%
||
7 Day CHG~0.00%
Published-10 Jan, 2022 | 15:30
Updated-03 Aug, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WOOCS < 1.3.7.3 - Reflected Cross-Site Scripting

The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue

Action-Not Available
Vendor-UnknownPluginUs.Net (RealMag777)
Product-woocommerce_currency_switcherWOOCS – Currency Switcher for WooCommerce. Professional and Free multi currency plugin – Pay in selected currency
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-31218
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.02%
||
7 Day CHG~0.00%
Published-18 Aug, 2023 | 13:28
Updated-02 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WOLF Plugin <= 1.0.6 is vulnerable to CSRF leading to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.6 versions.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-wolf_-_wordpress_posts_bulk_editor_and_products_manager_professionalWOLF – WordPress Posts Bulk Editor and Manager Professional
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0234
Matching Score-10
Assigner-WPScan
ShareView Details
Matching Score-10
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-2.59% / 85.00%
||
7 Day CHG~0.00%
Published-21 Feb, 2022 | 10:46
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WOOCS < 1.3.7.5 - Reflected Cross-Site Scripting

The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting

Action-Not Available
Vendor-UnknownPluginUs.Net (RealMag777)
Product-woocsWOOCS – Currency Switcher for WooCommerce. Professional and Free multi currency plugin – Pay in selected currency
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-25085
Matching Score-10
Assigner-WPScan
ShareView Details
Matching Score-10
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-3.20% / 86.50%
||
7 Day CHG~0.00%
Published-01 Feb, 2022 | 12:21
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WOOF - Products Filter for WooCommerce < 1.2.6.3 - Reflected Cross-Site Scripting

The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape the woof_redraw_elements before outputing back in an admin page, leading to a Reflected Cross-Site Scripting

Action-Not Available
Vendor-UnknownPluginUs.Net (RealMag777)
Product-woocommerce_products_filterWOOF – Products Filter for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-0864
Matching Score-10
Assigner-Wordfence
ShareView Details
Matching Score-10
Assigner-Wordfence
CVSS Score-6.1||MEDIUM
EPSS-0.17% / 39.04%
||
7 Day CHG~0.00%
Published-18 Feb, 2025 | 07:28
Updated-21 Feb, 2025 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.6 - Reflected Cross-Site Scripting

The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodes_set' parameter in all versions up to, and including, 1.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-active_products_tables_for_woocommerceActive Products Tables for WooCommerce. Use constructor to create tables
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-30200
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.21% / 43.68%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 05:09
Updated-13 Mar, 2025 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BEAR plugin <= 1.1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR allows Reflected XSS.This issue affects BEAR: from n/a through 1.1.4.2.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-bear_-_woocommerce_bulk_editor_and_products_manager_professionalBEAR
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35730
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 30.05%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 12:54
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Active Products Tables for WooCommerce plugin <= 1.0.6.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in realmag777 Active Products Tables for WooCommerce allows Reflected XSS.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.3.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-wootActive Products Tables for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-29763
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.27% / 50.10%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 13:11
Updated-05 Mar, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Reflected XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-wordpress_meta_data_and_taxonomies_filterWordPress Meta Data and Taxonomies Filter (MDTF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-24834
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 18.01%
||
7 Day CHG~0.00%
Published-08 Feb, 2024 | 13:13
Updated-01 Aug, 2024 | 23:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BEAR Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net allows Stored XSS.This issue affects BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-bear_-_woocommerce_bulk_editor_and_products_manager_professionalBEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-5143
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 9.54%
||
7 Day CHG~0.00%
Published-21 Jun, 2025 | 06:42
Updated-09 Jul, 2025 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TableOn – WordPress Posts Table Filterable <= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via tableon_popup_iframe_button Shortcode

The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tableon_popup_iframe_button shortcode in all versions up to, and including, 1.0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-tableon_-_wordpress_posts_table_filterableTableOn – WordPress Posts Table Filterable
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-1796
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.08% / 24.75%
||
7 Day CHG~0.00%
Published-15 Mar, 2024 | 06:48
Updated-07 Jul, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'woof' shortcode in all versions up to, and including, 1.3.5.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'swoof_slug'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-husky_-_products_filter_professional_for_woocommerceHUSKY – Products Filter Professional for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10168
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.07% / 21.09%
||
7 Day CHG+0.01%
Published-06 Nov, 2024 | 11:32
Updated-08 Nov, 2024 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via woot_button Shortcode

The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woot_button shortcode in all versions up to, and including, 1.0.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-wootActive Products Tables for WooCommerce. Use constructor to create tables
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-6556
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 43.69%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 08:32
Updated-17 Jun, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-fox_-_currency_switcher_professional_for_woocommerceFOX – Currency Switcher Professional for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13340
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 8.61%
||
7 Day CHG~0.00%
Published-23 Jan, 2025 | 11:13
Updated-31 Jan, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MDTF – Meta Data and Taxonomies Filter <= 1.3.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdf_results_by_ajax' shortcode in all versions up to, and including, 1.3.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-meta_data_and_taxonomies_filterMDTF – Meta Data and Taxonomies Filter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-3748
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 11.93%
||
7 Day CHG~0.00%
Published-02 May, 2025 | 03:21
Updated-06 May, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Taxonomy Chain Menu <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via pn_chain_menu Shortcode

The Taxonomy Chain Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pn_chain_menu shortcode in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-taxonomy_chain_menuTaxonomy Chain Menu
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-44990
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 18.01%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 09:01
Updated-02 Aug, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WOLF Plugin <= 1.0.7.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-wolf_-_wordpress_posts_bulk_editor_and_products_manager_professionalWOLF – WordPress Posts Bulk Editor and Manager Professional
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26775
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 8.40%
||
7 Day CHG~0.00%
Published-17 Feb, 2025 | 11:38
Updated-19 Mar, 2025 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BEAR Plugin <= 1.1.4.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 BEAR allows Stored XSS. This issue affects BEAR: from n/a through 1.1.4.4.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-bear_-_woocommerce_bulk_editor_and_products_manager_professionalBEAR
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-4431
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.91%
||
7 Day CHG~0.00%
Published-16 Jan, 2023 | 15:38
Updated-04 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WOOCS < 1.3.9.4 - Contributor+ Stored XSS

The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

Action-Not Available
Vendor-UnknownPluginUs.Net (RealMag777)
Product-fox_-_currency_switcher_professional_for_woocommerceWOOCS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-50451
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 20.11%
||
7 Day CHG+0.01%
Published-28 Oct, 2024 | 17:53
Updated-13 Nov, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-meta_data_and_taxonomies_filterWordPress Meta Data and Taxonomies Filter (MDTF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28666
Matching Score-6
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-6
Assigner-Tenable Network Security, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 36.53%
||
7 Day CHG~0.00%
Published-22 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which can only be triggered by an authenticated user.

Action-Not Available
Vendor-n/aPluginUs.Net (RealMag777)
Product-inpost_galleryInPost Gallery WordPress Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28664
Matching Score-6
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-6
Assigner-Tenable Network Security, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 36.53%
||
7 Day CHG~0.00%
Published-22 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1.3.1, is affected by a reflected cross-site scripting vulnerability in the 'tax_name' parameter of the mdf_get_tax_options_in_widget action, which can only be triggered by an authenticated user.

Action-Not Available
Vendor-n/aPluginUs.Net (RealMag777)
Product-wordpress_meta_data_and_taxonomies_filterMeta Data and Taxonomies Filter WordPress Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-51480
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.68%
||
7 Day CHG~0.00%
Published-10 Feb, 2024 | 08:34
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Active Products Tables for WooCommerce Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store allows Stored XSS.This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store : from n/a through 1.0.6.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-wootActive Products Tables for WooCommerce. Professional products tables for WooCommerce store
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-51506
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.68%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 11:22
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPCS Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WPCS – WordPress Currency Switcher Professional allows Stored XSS.This issue affects WPCS – WordPress Currency Switcher Professional: from n/a through 1.2.0.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-wordpress_currency_switcherWPCS – WordPress Currency Switcher Professional
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34558
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.17% / 38.11%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 11:13
Updated-20 Mar, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WOLF plugin <= 1.0.8.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF allows Stored XSS.This issue affects WOLF: from n/a through 1.0.8.2.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-wolf_-_wordpress_posts_bulk_editor_and_products_manager_professionalWOLF
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5039
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.27% / 49.82%
||
7 Day CHG~0.00%
Published-29 May, 2024 | 12:43
Updated-10 Apr, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HUSKY – Products Filter Professional for WooCommerce <= 1.3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-husky_-_products_filter_professional_for_woocommerceHUSKY – Products Filter Professional for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-29932
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.96%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 10:11
Updated-05 Mar, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress Meta Data and Taxonomies Filter (MDTF) plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-wordpress_meta_data_and_taxonomies_filterWordPress Meta Data and Taxonomies Filter (MDTF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-29906
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.96%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 06:53
Updated-05 Mar, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-wordpress_meta_data_and_taxonomies_filterWordPress Meta Data and Taxonomies Filter (MDTF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-3457
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.60% / 80.94%
||
7 Day CHG~0.00%
Published-17 Sep, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-getsymphonyn/a
Product-symphonyn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4455
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.31% / 53.85%
||
7 Day CHG~0.00%
Published-20 Nov, 2019 | 18:57
Updated-07 Aug, 2024 | 00:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php.

Action-Not Available
Vendor-tikin/a
Product-tikin/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-21434
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-10.46% / 92.93%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-20 Mar, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_storeGalaxy Store
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-2350
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 52.35%
||
7 Day CHG~0.00%
Published-07 May, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html.

Action-Not Available
Vendor-n/aAccellion (Kiteworks USA, LLC)
Product-file_transfer_appliancen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-9307
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.16%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 21:00
Updated-16 Sep, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.php/home/predeposit/index.html.

Action-Not Available
Vendor-dsmall_projectn/a
Product-dsmalln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4170
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 45.20%
||
7 Day CHG~0.00%
Published-23 Oct, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635.

Action-Not Available
Vendor-n/aThe GNOME Project
Product-empathyn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2779
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.28% / 78.74%
||
7 Day CHG~0.00%
Published-28 Jan, 2011 | 21:13
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies."

Action-Not Available
Vendor-n/aNovell
Product-groupwisen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-3420
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.58%
||
7 Day CHG~0.00%
Published-16 Sep, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Products_Results.php in PowerStore 3.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_WADAProducts parameter.

Action-Not Available
Vendor-webassistn/a
Product-powerstoren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-0798
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.46% / 63.35%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 02:33
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-lync_serverskype_for_business_serverSkype for Business Server 2015Microsoft Lync Server 2013
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-2214
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.11% / 30.74%
||
7 Day CHG~0.00%
Published-08 Feb, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-agile_controller-campusn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38157
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.50% / 65.10%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 20:58
Updated-04 Aug, 2024 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Action-Not Available
Vendor-leostreamn/a
Product-connection_brokern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-5099
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.47% / 63.81%
||
7 Day CHG~0.00%
Published-05 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.

Action-Not Available
Vendor-n/aphpMyAdminopenSUSE
Product-phpmyadminopensusen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-3459
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.52% / 65.66%
||
7 Day CHG~0.00%
Published-17 Sep, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Ajax WebMail interface in AXIGEN Mail Server before 7.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-gecadn/a
Product-axigen_mail_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1451
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.25% / 48.21%
||
7 Day CHG~0.00%
Published-15 Jul, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva19922.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-meeting_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-3983
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 57.31%
||
7 Day CHG~0.00%
Published-24 Oct, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to cookies.

Action-Not Available
Vendor-kent-webn/a
Product-web_forumn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4616
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.67% / 70.39%
||
7 Day CHG~0.00%
Published-06 Jan, 2012 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters.

Action-Not Available
Vendor-igor_vlasenkon/a
Product-html-template-pron/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2076
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.10% / 28.22%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 19:31
Updated-02 Aug, 2024 | 06:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Traffic Offense Management System Users.phpp cross site scripting

A vulnerability classified as problematic was found in Campcodes Online Traffic Offense Management System 1.0. This vulnerability affects unknown code of the file /classes/Users.phpp. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226054 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-online_traffic_offense_management_system_projectCampCodes
Product-online_traffic_offense_management_systemOnline Traffic Offense Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-3424
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.54%
||
7 Day CHG~0.00%
Published-16 Sep, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-invisioncommunityn/a
Product-invision_power_boardn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4780
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.47% / 63.87%
||
7 Day CHG~0.00%
Published-22 Dec, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections.

Action-Not Available
Vendor-n/aphpMyAdmin
Product-phpmyadminn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-3472
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 54.45%
||
7 Day CHG~0.00%
Published-20 Sep, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-filenet_p8_application_enginen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4544
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.93% / 75.17%
||
7 Day CHG~0.00%
Published-01 Dec, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to modules/mondialrelay/googlemap.php; the (3) relativ_base_dir, (4) Pays, (5) Ville, (6) CP, (7) Poids, (8) Action, or (9) num parameter to prestashop/modules/mondialrelay/googlemap.php; (10) the num_mode parameter to modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php; (11) the Expedition parameter to modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php; or the (12) folder or (13) name parameter to admin/ajaxfilemanager/ajax_save_text.php.

Action-Not Available
Vendor-n/aPrestaShop S.A
Product-prestashopn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4709
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-11.44% / 93.32%
||
7 Day CHG~0.00%
Published-08 Dec, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Hotaru.php in the Search plugin 1.3 for Hotaru CMS allow remote attackers to inject arbitrary web script or HTML via the (1) SITE_NAME parameter to admin_index.php, or the (2) return and (3) search parameters to index.php. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-hotarun/a
Product-hotaru_cmssearch_pluginn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 350
  • 351
  • Next
Details not found