Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-2490

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-11 May, 2023 | 09:46
Updated At-09 Jan, 2025 | 15:17
Rejected At-
Credits

WordPress UserAgent-Spy Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fernando Briano UserAgent-Spy plugin <= 1.3.1 versions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:11 May, 2023 | 09:46
Updated At:09 Jan, 2025 | 15:17
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress UserAgent-Spy Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fernando Briano UserAgent-Spy plugin <= 1.3.1 versions.

Affected Products
Vendor
Fernando Briano
Product
UserAgent-Spy
Collection URL
https://wordpress.org/plugins
Package Name
useragent-spy
Default Status
unaffected
Versions
Affected
  • From n/a through 1.3.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-592CAPEC-592 Stored XSS
CAPEC ID: CAPEC-592
Description: CAPEC-592 Stored XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Yash Kanchhal (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/useragent-spy/wordpress-useragent-spy-plugin-1-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/useragent-spy/wordpress-useragent-spy-plugin-1-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/useragent-spy/wordpress-useragent-spy-plugin-1-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/useragent-spy/wordpress-useragent-spy-plugin-1-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:11 May, 2023 | 10:15
Updated At:21 Nov, 2024 | 07:58

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fernando Briano UserAgent-Spy plugin <= 1.3.1 versions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Primary3.14.8MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 4.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CPE Matches
useragent-spy_project
useragent-spy_project
>>useragent-spy>>Versions up to 1.3.1(inclusive)
cpe:2.3:a:useragent-spy_project:useragent-spy:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primaryaudit@patchstack.com
CWE ID: CWE-79
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/useragent-spy/wordpress-useragent-spy-plugin-1-3-1-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
Third Party Advisory
https://patchstack.com/database/vulnerability/useragent-spy/wordpress-useragent-spy-plugin-1-3-1-cross-site-scripting-xss-vulnerability?_s_id=cveaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/useragent-spy/wordpress-useragent-spy-plugin-1-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource:
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/useragent-spy/wordpress-useragent-spy-plugin-1-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

4008Records found
CVE-2019-16683
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.33% / 55.09%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 15:15
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes.

Action-Not Available
Vendor-xoopsn/a
Product-xoopsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-48652
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-28.81% / 96.43%
||
7 Day CHG~0.00%
Published-22 Oct, 2024 | 00:00
Updated-25 Oct, 2024 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field.

Action-Not Available
Vendor-tuzition/atuzitio
Product-camaleon_cmsn/acamaleon_cms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49758
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.06% / 18.85%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 15:17
Updated-20 Nov, 2024 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LibreNMS has a stored XSS in ExamplePlugin with Device's Notes

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can add Notes to a device, the application did not properly sanitize the user input, when the ExamplePlugin enable, if java script code is inside the device's Notes, its will be trigger. This vulnerability is fixed in 24.10.0.

Action-Not Available
Vendor-LibreNMS
Product-librenmslibrenmslibrenms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-48870
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.2||MEDIUM
EPSS-0.34% / 56.51%
||
7 Day CHG~0.00%
Published-25 Oct, 2024 | 06:18
Updated-05 Nov, 2024 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users.

Action-Not Available
Vendor-sharptoshibatecToshiba Tec CorporationSharp Corporation
Product-mx-m6050bp-c542wd_firmwaremx-5110n_firmwaremx-c381_firmwaremx-m6070_abp-b547wdmx-m365n_a_firmwaremx-3570n_firmwaremx-m6071_firmwarebp-60c36_firmwarebp-70m31bp-90c80bp-c533wd_firmwaremx-c400p_firmwaremx-3101nmx-4070n_a_firmwaremx-3070v_amx-m3571_firmwaremx-m3571mx-2651_firmwaremx-m464n_firmwaremx-m2651mx-5070v_firmwaremx-3111umx-b355wz_firmwaremx-4140nmx-4060v_firmwarebp-b550wdmx-5140n_firmwaremx-m5051mx-3050v_amx-b376w_firmwaremx-2600gmx-c303wh_firmwarebp-70c55_firmwaremx-2601nmx-m564n_amx-b376whmx-4071s_firmwaremx-3550v_firmwaremx-m3071_firmwaremx-b456whmx-m356uvmx-c311mx-m904bp-50c26mx-m753u_firmwaremx-m264ue-studio1058_firmwaremx-2640nrmx-m315nmx-b400pmx-2314nrbp-30c25z_firmwaremx-3550n_firmwaredx-c401_j_firmwaremx-m315u_firmwaremx-c303mx-2610nmx-m316nvmx-m314nmx-m4070_amx-b476wh_firmwaremx-m6070_firmwarebp-30m28t_firmwaremx-m4070mx-m453u_firmwaremx-m1206_firmwaremx-m265nv_firmwaremx-m3070_firmwaremx-3100gmx-m265ne_firmwaremx-c401_firmwaremx-m315uv_firmwaremx-3070v_firmwaremx-b355wt_firmwaremx-m1055bp-c535wrmx-m623umx-2610n_firmwaremx-m264u_firmwaremx-m314nr_firmwaremx-7040nmx-3571smx-m4071s_firmwaremx-m3551bp-70c55mx-m354n_firmwaremx-c312_firmwaremx-4111n_firmwaree-studio908_firmwaremx-c380mx-m265uvmx-c402sc_firmwarebp-90c80_firmwaredx-c400mx-b356whmx-m315ne_firmwaremx-1810umx-6050v_firmwaremx-4070v_firmwaremx-m754nmx-2615n_firmwarebp-70m75_firmwaremx-2615nmx-4071smx-5000nmx-c303w_firmwaredx-c400_firmwaremx-6580nmx-c304wh_firmwaremx-m365n_abp-50c65_firmwaremx-m7570mx-3060nmx-3610nrmx-b376wmx-7081_firmwarebp-70m36_firmwarebp-50c55_firmwaremx-3110nmx-m1205mx-b402pmx-m4050_firmwaremx-c382scmx-c310_firmwaremx-m503nmx-3115nmx-m565nmx-3070v_a_firmwaredx-2000u_firmwaremx-m1056mx-m3551_firmwaremx-m3051_firmwaremx-m264nr_firmwaremx-m453nmx-c303whmx-2630nmx-m6071mx-c380p_firmwaremx-3050n_abp-70c65bp-30c25tbp-60c31_firmwarebp-70c36_firmwaremx-4051mx-m364nmx-3061mx-5112nmx-b402scmx-7500n_firmwaremx-m356uv_firmwaremx-3101n_firmwaremx-b382p_firmwaremx-m3550_firmwaremx-4110n_firmwaremx-b382scmx-3116n_firmwaremx-m654nbp-b537wr_firmwaremx-m354ubp-50c36mx-2601n_firmwaremx-b382_firmwaremx-3640n_firmwaremx-m6070mx-5000n_firmwaremx-m3571s_firmwaremx-3070n_amx-3640nr_firmwaremx-m3071smx-m363n_firmwaremx-8090nmx-m315uvbp-30m31_firmwaremx-2640n_firmwaremx-3551_firmwaremx-b476w_firmwaremx-m314n_firmwaremx-6071_firmwaremx-m753umx-3110n_a_firmwaremx-b355wzmx-m503umx-m6051_firmwaremx-c301wmx-c381mx-5071mx-m2651_firmwaremx-5110ne-studio1208_firmwaremx-m265v_firmwaremx-m264nmx-m363nmx-c304whmx-2600n_firmwaremx-m365n_firmwaremx-m6070_a_firmwaremx-6050vdx-c381mx-m5050_firmwaremx-3110n_firmwaremx-2614nmx-b402_firmwaremx-b382pmx-m905mx-3610nr_firmwaremx-m3570_firmwarebp-50c31mx-3561mx-m1205_firmwaremx-2600nmx-4070n_amx-c382scb_firmwarebp-b537wrbp-70c31_firmwaremx-m465n_firmwaremx-5051_firmwaremx-b455wmx-c304wmx-5071s_firmwarebp-50m26mx-4141nbp-50m26_firmwaremx-3110n_abp-50m45mx-3570v_firmwaremx-m4070_a_firmwaremx-m265n_firmwaremx-m4071smx-2615_amx-m564nmx-b382bp-c542wdmx-m265umx-c303wmx-m364n_firmwaremx-m316nv_firmwarebp-70m45bp-70m75bp-c535wdmx-6070v_a_firmwaredx-c311_firmwarebp-30m35_firmwaremx-b476whmx-m503u_firmwaremx-m754n_ae-studio1058mx-3071s_firmwaremx-2310u_firmwaremx-m354nrmx-m3550mx-4061smx-4050n_firmwaremx-4060nmx-3561s_firmwarebp-60c31mx-7090n_firmwaremx-m314umx-c380_firmwaredx-c311j_firmwaremx-4071mx-7081mx-m565n_firmwaremx-m356u_firmwaremx-3140nmx-3561_firmwaremx-m453umx-b476wmx-b381dx-c311jmx-3560vmx-m363u_firmwaremx-b455wz_firmwaremx-2616nmx-4101nmx-m5071_firmwaremx-6070n_a_firmwaremx-4071_firmwaremx-2616n_firmwarebp-30c25_firmwaremx-m356nv_firmwaremx-m5050bp-70m65_firmwaremx-m265nvmx-m314nv_firmwaremx-m266nvdx-c310_firmwaremx-5111nmx-b400p_firmwarebp-30m35mx-8081_firmwaremx-3071_firmwarebp-30m31t_firmwaremx-6580n_firmwaremx-2640nr_firmwarebp-b540wrmx-m283nmx-m5070_firmwarebp-30m28tmx-8090n_firmwarebp-c545wdmx-m264nrmx-m316nbp-c533wdmx-1810u_firmwaremx-m3071s_firmwaremx-4050v_firmwarebp-30m31mx-b355wtmx-3114nmx-2314nmx-5071_firmwaremx-b402sc_firmwaremx-m465nmx-3111u_firmwaremx-c303_firmwaremx-m365nmx-4100n_firmwaremx-7500nmx-4101n_firmwarebp-70m90_firmwarebp-90c70mx-3050nbp-60c36mx-b455wt_firmwaremx-4060n_firmwaremx-3070vmx-3050v_a_firmwarebp-50c26_firmwaremx-3570vmx-c304w_firmwaremx-m754n_firmwaremx-m465n_amx-m3050mx-6050n_firmwaremx-3610n_firmwaremx-4110nmx-5070n_firmwaremx-4140n_amx-m5070dx-c401_jmx-m356ubp-50c45_firmwaremx-4061_firmwaremx-4112n_firmwaremx-c382scbmx-3061smx-m315umx-3070n_firmwaremx-m356nvmx-3571s_firmwaremx-3560v_firmwaremx-3061_firmwaremx-m266nv_firmwarebp-30c25mx-b402mx-b455w_firmwaredx-c311mx-3571mx-7580n_firmwaremx-m314u_firmwaremx-m315nvmx-m265vmx-3100nmx-m1206mx-7090nmx-c301w_firmwaremx-3114n_firmwaremx-2600g_firmwarebp-30c25ymx-5141nmx-m4051dx-2500nmx-c301bp-50c55mx-c381bmx-2614n_firmwaremx-4070n_firmwaremx-m3570mx-m654n_firmwarebp-55c26_firmwaremx-5050n_firmwaremx-5070vmx-3140n_a_firmwaremx-m5051_firmwaremx-6071s_firmwaremx-5051mx-c400_firmwaremx-4061s_firmwaremx-3051mx-b456wh_firmwaremx-5141n_firmwaremx-b456we-studio1208mx-m3070mx-m4071_firmwaremx-3060v_firmwaremx-6071mx-4111nmx-m464nbp-30m35t_firmwaremx-m4051_firmwaremx-m6071s_firmwaremx-3140nrmx-m5071mx-2615_a_firmwaremx-4050nbp-70c31mx-m3050_firmwaremx-m4070_firmwaremx-3061s_firmwaremx-m314nrmx-3640nrmx-3070nmx-m356nmx-c301_firmwarebp-b540wr_firmwaremx-m1204mx-4070v_amx-m266n_firmwarebp-70m65mx-c380pmx-c304mx-6500ndx-c401_firmwaremx-b356wh_firmwaremx-3115n_firmwaremx-3551mx-3050v_firmwaremx-2301nbp-70c36mx-3050n_firmwaremx-m6050_firmwaremx-m905_firmwaremx-3100n_firmwaremx-6240n_firmwaremx-b401_firmwaremx-m4071bp-c535wd_firmwaremx-c400pbp-50c45mx-m7570_firmwarebp-30m31tmx-m3571smx-4100nmx-8081mx-2630n_firmwaremx-b355w_firmwarebp-70m31_firmwaremx-4112nbp-50m31mx-m453n_firmwaremx-2301n_firmwaremx-3140n_firmwaremx-m654n_a_firmwaremx-m266nmx-6070n_firmwarebp-30c25y_firmwaremx-3570nbp-70m55bp-30m28_firmwaremx-m264nvmx-5050vmx-m654n_amx-4140n_firmwaremx-5071sbp-c533wrmx-b455wtmx-m3050_a_firmwaremx-3060vmx-5001nmx-c312mx-m265uv_firmwaremx-3140nr_firmwaremx-m753n_firmwaremx-m3071mx-4060vbp-55c26mx-3071smx-3560n_firmwaremx-b455wzmx-2310rmx-m465n_a_firmwarebp-c535wr_firmwaremx-m315vmx-m316n_firmwarebp-50c31_firmwaremx-5070nmx-m1056_firmwaremx-c304_firmwarebp-c545wd_firmwaremx-2310umx-m264nv_firmwarebp-50m36_firmwaredx-c401bp-70m90mx-3610nmx-7580nbp-b550wd_firmwaremx-4061dx-c310bp-50m45_firmwarebp-50m55_firmwaremx-6070v_amx-m363umx-b401mx-3140n_abp-30c25t_firmwaremx-2314nr_firmwaremx-2310r_firmwaremx-3560nbp-50m31_firmwaremx-b376wh_firmwarebp-70m45_firmwaremx-m354nmx-6050nmx-6500n_firmwaremx-4050vmx-m2630_a_firmwaremx-3050vmx-m315nv_firmwaremx-m753nbp-90c70_firmwaremx-c311_firmwaremx-5111n_firmwaremx-3571_firmwaremx-m1054_firmwaremx-c310mx-4070vmx-m754n_a_firmwaremx-m356n_firmwaremx-m265u_firmwaremx-m265nemx-m623u_firmwaremx-m2630_ae-studio908mx-2640nbp-30c25zmx-6240nmx-c401mx-m623n_firmwaremx-m3070_a_firmwaremx-m264n_firmwaremx-2010umx-3051_firmwaremx-6051mx-6070n_amx-b380p_firmwaremx-m3051mx-m5071s_firmwaremx-m4050mx-m2630_firmwarebp-b547wd_firmwaremx-m3070_amx-3071mx-m6051mx-m265nbp-50m55mx-m1055_firmwaremx-m354u_firmwarebp-70c65_firmwarebp-60c45mx-m1054mx-c382sc_firmwaremx-4140n_a_firmwaremx-6051_firmwarebp-50c36_firmwaremx-b456w_firmwaremx-5141n_abp-70c45bp-30m28mx-6071smx-4051_firmwaremx-m564n_firmwaremx-m315nemx-4141n_firmwaremx-4070v_a_firmwaremx-3100g_firmwaredx-2500n_firmwaredx-2000umx-b380pbp-50c65bp-50m50_firmwaremx-b356wmx-m503n_firmwaremx-b355wmx-5001n_firmwaremx-m314nvmx-m1204_firmwaremx-2314n_firmwaremx-5050nbp-70m55_firmwaremx-b381_firmwaremx-3550nmx-3070n_a_firmwaremx-3640nmx-2651mx-m2630mx-2010u_firmwarebp-70c45_firmwaremx-6070v_firmwaremx-4070nbp-30m35tmx-c400mx-5112n_firmwaremx-7040n_firmwarebp-60c45_firmwaremx-3550vmx-m3050_amx-5140nmx-b382sc_firmwaremx-c381b_firmwaremx-m6570_firmwaremx-b402p_firmwaremx-m283n_firmwaremx-b356w_firmwarebp-c533wr_firmwaredx-c381_firmwarebp-70m36mx-5141n_a_firmwaremx-5050v_firmwaremx-m564n_a_firmwaremx-6070vmx-m6570mx-c402scmx-3050n_a_firmwaremx-m315n_firmwaremx-m354nr_firmwaremx-3060n_firmwaremx-m5071sbp-50m50mx-m623nmx-m6071smx-6070nmx-m904_firmwarebp-50m36mx-3561smx-m315v_firmwaremx-3116ne-STUDIO 1208e-STUDIO 908e-STUDIO 1058Sharp Digital Full-color MFPs and Monochrome MFPs
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-24397
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 17.86%
||
7 Day CHG~0.00%
Published-30 Aug, 2023 | 15:41
Updated-24 Sep, 2024 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Reservation.Studio widget Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions.

Action-Not Available
Vendor-reservationReservation.Studio
Product-reservation.studioReservation.Studio widget
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-23174
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-3.4||LOW
EPSS-0.42% / 61.24%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 19:09
Updated-20 Feb, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Download Monitor plugin <= 4.4.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0].

Action-Not Available
Vendor-wpchillWPChill
Product-download_monitorDownload Monitor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23881
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 23.33%
||
7 Day CHG~0.00%
Published-03 May, 2023 | 15:03
Updated-02 Aug, 2024 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Circles Gallery Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GreenTreeLabs Circles Gallery plugin <= 1.0.10 versions.

Action-Not Available
Vendor-greentreelabsGreenTreeLabs
Product-circles_galleryCircles Gallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23785
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 23.33%
||
7 Day CHG~0.00%
Published-03 May, 2023 | 14:12
Updated-09 Jan, 2025 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Exquisite PayPal Donation Plugin <= v2.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DgCult Exquisite PayPal Donation plugin <= v2.0.0 versions.

Action-Not Available
Vendor-exquisite_paypal_donation_projectDgCult
Product-exquisite_paypal_donationExquisite PayPal Donation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-16664
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.22% / 44.21%
||
7 Day CHG~0.00%
Published-21 Sep, 2019 | 17:45
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter.

Action-Not Available
Vendor-thinksaasn/a
Product-thinksaasn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49288
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.45%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 19:11
Updated-29 Oct, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Email Template Customizer for WooCommerce plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through 1.2.5.

Action-Not Available
Vendor-VillaTheme
Product-woocommerce_email_template_customizerEmail Template Customizer for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-15081
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.17% / 38.43%
||
7 Day CHG~0.00%
Published-15 Aug, 2019 | 14:25
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages.

Action-Not Available
Vendor-opencartn/a
Product-opencartn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-4970
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.32% / 54.86%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 06:00
Updated-18 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Widget Bundle <= 2.0.0 - Admin+ Stored XSS

The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Action-Not Available
Vendor-devnath_vermaUnknown
Product-widget_bundleWidget Bundle
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49696
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.45%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 12:29
Updated-08 Nov, 2024 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.21 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RoboSoft Robo Gallery allows Stored XSS.This issue affects Robo Gallery: from n/a through 3.2.21.

Action-Not Available
Vendor-robosoftRoboSoft
Product-robo_galleryRobo Gallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49679
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.01%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 10:58
Updated-08 Nov, 2024 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPKoi Templates for Elementor plugin <= 3.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPKoi WPKoi Templates for Elementor allows Stored XSS.This issue affects WPKoi Templates for Elementor: from n/a through 3.1.0.

Action-Not Available
Vendor-wpkoiWPKoi
Product-wpkoi_templates_for_elementorWPKoi Templates for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-32505
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 14.96%
||
7 Day CHG~0.00%
Published-23 Aug, 2023 | 14:22
Updated-25 Sep, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Hide Login Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arshid Easy Hide Login plugin <= 1.0.7 versions.

Action-Not Available
Vendor-ciphercoinArshid
Product-easy_hide_loginEasy Hide Login
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47372
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 23.46%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 15:18
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TNC PDF viewer plugin <= 3.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS.This issue affects TNC PDF viewer: from n/a through 3.1.0.

Action-Not Available
Vendor-ThemeNcode LLC
Product-TNC PDF viewer
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-15618
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-4.8||MEDIUM
EPSS-0.20% / 41.44%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 19:08
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location.

Action-Not Available
Vendor-n/aNextcloud GmbH
Product-nextcloud_serverNextcloud Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-23836
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.40% / 60.11%
||
7 Day CHG~0.00%
Published-15 Jan, 2021 | 06:26
Updated-03 Aug, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in flatCore before 2.0.0 build 139. A stored XSS vulnerability was identified in the prefs_smtp_psw HTTP request body parameter for the acp interface. An admin user can inject malicious client-side script into the affected parameter without any form of input sanitization. The injected payload will be executed in the browser of a user whenever one visits the affected module page.

Action-Not Available
Vendor-flatcoren/a
Product-flatcoren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-24403
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.25%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 10:32
Updated-19 Feb, 2025 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress bbPress Voting Plugin <= 2.1.11.0 is vulnerable to Cross-Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP For The Win bbPress Voting plugin <= 2.1.11.0 versions.

Action-Not Available
Vendor-wpforthewinWP For The Win
Product-bbpress_votingbbPress Voting
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-15280
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.26% / 48.93%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-26 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Management Center Software Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious code in certain sections of the interface that are visible to other users. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_firewall_management_centerCisco Firepower Management Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47623
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 23.46%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 14:35
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gallery Lightbox plugin <= 1.0.0.39 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Gallery Lightbox allows Stored XSS.This issue affects Gallery Lightbox: from n/a through 1.0.0.39.

Action-Not Available
Vendor-GhozyLab, Inc.
Product-Gallery Lightbox
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-15268
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.26% / 48.93%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-21 Nov, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_appliance_8120firepower_management_center_2600_firmwarefirepower_management_center_1000_firmwarefirepower_appliance_7050firesight_management_center_750_firmwarefiresight_management_center_3500_firmwarefiresight_management_center_3500firepower_appliance_8120_firmwarefirepower_appliance_7110_firmwarefirepower_appliance_8130firepower_appliance_8360_firmwarefirepower_appliance_8350_firmwarefirepower_appliance_8260_firmwarefirepower_management_center_virtual_appliance_firmwarefiresight_management_center_750firepower_management_center_2500_firmwarefirepower_management_center_2000firesight_management_center_1500ngips_virtual_appliance_firmwarefirepower_appliance_7125firepower_management_center_4600firepower_appliance_8390_firmwarefirepower_appliance_7020firepower_management_center_4000_firmwarefirepower_appliance_7110firepower_appliance_8370_firmwarefirepower_appliance_7125_firmwarefirepower_appliance_8360firepower_management_center_1600_firmwarefirepower_appliance_8140_firmwarefirepower_appliance_7120firepower_appliance_8270firepower_appliance_7050_firmwarefirepower_management_center_2500firepower_management_center_virtual_applianceamp_7150firepower_appliance_7010_firmwarefirepower_management_center_4500_firmwarefirepower_appliance_8250_firmwarefirepower_management_center_4500firepower_appliance_8270_firmwarefirepower_management_center_2000_firmwarefirepower_appliance_8140firepower_appliance_7030firepower_appliance_8250firepower_appliance_8290firepower_management_center_2600firepower_appliance_7030_firmwarefirepower_management_center_1000firepower_appliance_8390firesight_management_center_1500_firmwarefirepower_management_center_1600amp_8150amp_8150_firmwarefirepower_management_center_4600_firmwarefirepower_appliance_8290_firmwareamp_7150_firmwarefirepower_appliance_7115_firmwarefirepower_appliance_8370firepower_appliance_8350firepower_appliance_7010firepower_appliance_8260firepower_appliance_7120_firmwarefirepower_appliance_8130_firmwarefirepower_appliance_7115firepower_appliance_7020_firmwarefirepower_management_center_4000ngips_virtual_applianceCisco Firepower Management Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23810
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 23.33%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 15:06
Updated-02 Aug, 2024 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Panorama – WordPress Project Management Plugin Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SnapOrbital Panorama plugin <= 1.5 versions.

Action-Not Available
Vendor-snaborbitalSnapOrbital
Product-panoramaPanorama
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47336
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 23.46%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 10:54
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Terms Descriptions plugin <= 3.4.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vladimir Statsenko Terms descriptions allows Stored XSS.This issue affects Terms descriptions: from n/a through 3.4.6.

Action-Not Available
Vendor-Vladimir Statsenko
Product-Terms descriptions
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-24004
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 23.49%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 08:00
Updated-10 Jan, 2025 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Image and Video Lightbox, Image PopUp Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Image and Video Lightbox, Image PopUp plugin <= 2.1.5 versions.

Action-Not Available
Vendor-WpDevArt
Product-download_image_and_video_lightbox\,_image_popupImage and Video Lightbox, Image PopUp
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-4753
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.9||MEDIUM
EPSS-0.13% / 32.09%
||
7 Day CHG~0.00%
Published-12 Jul, 2024 | 06:00
Updated-17 Nov, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Secure Maintenance < 1.7 - Admin+ Stored XSS

The WP Secure Maintenance WordPress plugin before 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Action-Not Available
Vendor-wpexpertsUnknownwpexperts
Product-wp_secure_maintenanceWP Secure Maintenancewp_secure_maintenance
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-24381
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.25%
||
7 Day CHG~0.00%
Published-20 Mar, 2023 | 10:47
Updated-02 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Social Pixel Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes Advanced Social Pixel plugin <= 2.1.1 versions.

Action-Not Available
Vendor-nsthemesNsThemes
Product-advanced_social_pixelAdvanced Social Pixel
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-15007
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-4.8||MEDIUM
EPSS-0.22% / 44.36%
||
7 Day CHG~0.00%
Published-11 Dec, 2019 | 14:41
Updated-16 Sep, 2024 | 23:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch.

Action-Not Available
Vendor-Atlassian
Product-fisheyecrucibleFisheyeCrucible
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-48046
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 23.46%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 12:19
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form by Supsystic plugin <= 1.7.28 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Supsystic Contact Form by Supsystic allows Stored XSS.This issue affects Contact Form by Supsystic: from n/a through 1.7.28.

Action-Not Available
Vendor-Supsystic
Product-Contact Form by Supsystic
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23982
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 23.49%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 04:49
Updated-10 Jan, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPFrom Email Plugin <= 1.8.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGear.Pro WPFrom Email plugin <= 1.8.8 versions.

Action-Not Available
Vendor-wpfrom_email_projectWPGear.Pro
Product-wpfrom_emailWPFrom Email
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-4812
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.11% / 29.13%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 15:06
Updated-20 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Katello: potential cross-site scripting exploit in ui

A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections.

Action-Not Available
Vendor-katello_projectRed Hat, Inc.
Product-satellitekatelloRed Hat Satellite 6
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-33208
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 17.86%
||
7 Day CHG~0.00%
Published-30 Aug, 2023 | 12:03
Updated-24 Sep, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cookie Monster Plugin <= 1.51 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gsmith Cookie Monster plugin <= 1.51 versions.

Action-Not Available
Vendor-cookie_monster_projectgsmith
Product-cookie_monsterCookie Monster
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47647
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 23.46%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 12:49
Updated-28 Oct, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FAQ / Accordion / Docs – Helpie WordPress FAQ Accordion plugin plugin <= 1.27 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HelpieWP Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin allows Stored XSS.This issue affects Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin: from n/a through 1.27.

Action-Not Available
Vendor-HelpieWP
Product-Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-33329
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 19.56%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 17:15
Updated-25 Sep, 2024 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Post Type Generator Plugin <= 2.4.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Hijiri Custom Post Type Generator plugin <= 2.4.2 versions.

Action-Not Available
Vendor-custom_post_type_generator_projectHijiri
Product-custom_post_type_generatorCustom Post Type Generator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-15253
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.64% / 69.98%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 17:30
Updated-23 Jul, 2025 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Digital Network Architecture Center Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs administrator credentials. This vulnerability affects Cisco DNA Center Software releases earlier than 1.3.0.6 and 1.3.1.4.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_centerCisco Digital Network Architecture Center (DNA Center)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47524
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.2||HIGH
EPSS-0.04% / 10.63%
||
7 Day CHG~0.00%
Published-01 Oct, 2024 | 20:30
Updated-19 Dec, 2024 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Groups name, when user see the detail of the Device Group, if java script code is inside the name of the Device Groups, its will be trigger. This vulnerability is fixed in 24.9.0.

Action-Not Available
Vendor-LibreNMS
Product-librenmslibrenmslibrenms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47299
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 23.46%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 11:42
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Website Builder by SeedProd <= 6.17.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd allows Stored XSS.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.17.4.

Action-Not Available
Vendor-SeedProd, LLC (SeedProd)
Product-Coming Soon Page, Under Construction & Maintenance Mode by SeedProd
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47356
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.1||MEDIUM
EPSS-0.08% / 23.46%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 10:01
Updated-09 Jan, 2026 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Create theme <= 2.9.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Catch Themes Create allows Stored XSS.This issue affects Create: from n/a through 2.9.1.

Action-Not Available
Vendor-catchthemesCatch Themes
Product-createCreate
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47383
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 23.14%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 14:55
Updated-22 Jan, 2025 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Pack Elementor addons plugin 2.0.8.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webangon The Pack Elementor addons allows Stored XSS.This issue affects The Pack Elementor addons: from n/a through 2.0.8.8.

Action-Not Available
Vendor-webangonWebangon
Product-the_pack_elementor_addonsThe Pack Elementor addons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-15619
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-4.8||MEDIUM
EPSS-0.25% / 48.04%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 19:08
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.

Action-Not Available
Vendor-n/aNextcloud GmbH
Product-decktalknextcloud_serverNextcloud Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-4755
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4||MEDIUM
EPSS-0.15% / 36.15%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 06:00
Updated-01 Aug, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Google CSE <= 1.0.7 - Admin+ Stored XSS

The Google CSE WordPress plugin through 1.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Action-Not Available
Vendor-erikengUnknownerikeng
Product-google_cseGoogle CSEgoogle_cse
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2425
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-2.4||LOW
EPSS-0.08% / 22.55%
||
7 Day CHG~0.00%
Published-29 Apr, 2023 | 07:31
Updated-02 Aug, 2024 | 06:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Student Information System Add New Course cross site scripting

A vulnerability was found in SourceCodester Simple Student Information System 1.0. It has been classified as problematic. This affects an unknown part of the file /classes/Master.php?f=save_course of the component Add New Course. The manipulation of the argument name with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227751.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_student_information_systemSimple Student Information System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-48284
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.13% / 32.12%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 00:00
Updated-19 Nov, 2024 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Reflected Cross-Site Scripting (XSS) vulnerability was found in the /search-result.php page of the PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary scripts via the searchkey parameter in a POST HTTP request.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-user_registration_\&_login_and_user_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-23209
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.8||MEDIUM
EPSS-0.30% / 53.22%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 18:00
Updated-23 Apr, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.32 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32).

Action-Not Available
Vendor-Mohammed & Ahmed Kaludi (Magazine3)
Product-accelerated_mobile_pagesAMP for WP – Accelerated Mobile Pages (WordPress plugin)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-4752
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.50%
||
7 Day CHG~0.00%
Published-13 Jul, 2024 | 06:00
Updated-15 May, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EventON < 2.2.15 - Admin+ Stored Cross-Site Scripting via event subtitle

The EventON WordPress plugin before 2.2.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Action-Not Available
Vendor-myeventonUnknownmyeventon
Product-eventonEventONeventon
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-24418
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 23.33%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 07:43
Updated-09 Jan, 2025 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tiny carousel horizontal slider plus Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny carousel horizontal slider plus plugin <= 3.2 versions.

Action-Not Available
Vendor-gopiplusGopi Ramasamy
Product-tiny_carousel_horizontal_slider_plusTiny carousel horizontal slider plus
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-48461
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.30% / 53.30%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 00:00
Updated-01 Nov, 2024 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting vulnerability in TeslaLogger Admin Panel before v.1.59.6 allows a remote attacker to execute arbitrary code via the New Journey field.

Action-Not Available
Vendor-n/atelsalogger
Product-n/aadmin_panel
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2387
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-2.4||LOW
EPSS-0.09% / 25.28%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 19:00
Updated-02 Aug, 2024 | 06:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear SRX5308 Web Management Interface cross site scripting

A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument winsServer1 leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-srx5308srx5308_firmwareSRX5308
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-15108
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.26% / 49.03%
||
7 Day CHG~0.00%
Published-16 Aug, 2019 | 03:07
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.

Action-Not Available
Vendor-n/aWSO2 LLC
Product-api_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2388
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-2.4||LOW
EPSS-0.09% / 25.28%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 19:31
Updated-02 Aug, 2024 | 06:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear SRX5308 Web Management Interface cross site scripting

A vulnerability, which was classified as problematic, has been found in Netgear SRX5308 up to 4.3.5-3. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-srx5308srx5308_firmwareSRX5308
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • ...
  • 7
  • 8
  • 9
  • ...
  • 80
  • 81
  • Next
Details not found