Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-31094

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-18 Aug, 2023 | 12:50
Updated At-28 Apr, 2026 | 16:08
Rejected At-
Credits

WordPress Stock Sync for WooCommerce Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce plugin <= 2.4.0 versions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:18 Aug, 2023 | 12:50
Updated At:28 Apr, 2026 | 16:08
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Stock Sync for WooCommerce Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce plugin <= 2.4.0 versions.

Affected Products
Vendor
Lauri Karisola / WP Trio
Product
Stock Sync for WooCommerce
Collection URL
https://wordpress.org/plugins
Package Name
stock-sync-for-woocommerce
Default Status
unaffected
Versions
Affected
  • From n/a through 2.4.0 (custom)
    • -> unaffectedfrom2.4.1
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-591CAPEC-591 Reflected XSS
CAPEC ID: CAPEC-591
Description: CAPEC-591 Reflected XSS
Solutions

Update to 2.4.1 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
Ivy - TOOR, LISA (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/stock-sync-for-woocommerce/wordpress-stock-sync-for-woocommerce-plugin-2-4-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/stock-sync-for-woocommerce/wordpress-stock-sync-for-woocommerce-plugin-2-4-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/stock-sync-for-woocommerce/wordpress-stock-sync-for-woocommerce-plugin-2-4-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/stock-sync-for-woocommerce/wordpress-stock-sync-for-woocommerce-plugin-2-4-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:18 Aug, 2023 | 13:15
Updated At:23 Aug, 2023 | 16:45

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce plugin <= 2.4.0 versions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
wptrio
wptrio
>>stock_sync_for_woocommerce>>Versions before 2.4.1(exclusive)
cpe:2.3:a:wptrio:stock_sync_for_woocommerce:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primaryaudit@patchstack.com
CWE ID: CWE-79
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/stock-sync-for-woocommerce/wordpress-stock-sync-for-woocommerce-plugin-2-4-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/stock-sync-for-woocommerce/wordpress-stock-sync-for-woocommerce-plugin-2-4-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

12202Records found
CVE-2023-29430
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.98%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 09:26
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TheRoof Theme <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHthemes TheRoof theme <= 1.0.3 versions.

Action-Not Available
Vendor-cththemesCTHthemes
Product-theroofTheRoof
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-1584
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.3||MEDIUM
EPSS-0.32% / 55.18%
||
7 Day CHG~0.00%
Published-04 May, 2022 | 17:00
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected XSS in microweber/microweber

Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim

Action-Not Available
Vendor-Microweber (‘Microweber Academy’ Foundation)
Product-microwebermicroweber/microweber
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-3016
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.09% / 26.05%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 14:00
Updated-02 Aug, 2024 | 06:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
yiwent Vip Video Analysis admincore.php cross site scripting

A vulnerability was found in yiwent Vip Video Analysis 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/admincore.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230360.

Action-Not Available
Vendor-vip_video_analysis_projectyiwent
Product-vip_video_analysisVip Video Analysis
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-42942
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 44.16%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 02:05
Updated-12 Aug, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP

SAP NetWeaver Application Server for ABAP has cross-site scripting vulnerability. Due to this, an unauthenticated attacker could craft a URL embedded with malicious script and trick an unauthenticated victim to click on it to execute the script. Upon successful exploitation, the attacker could access and modify limited information within the scope of victim's browser. This vulnerability has no impact on availability of the application.

Action-Not Available
Vendor-SAP SE
Product-SAP NetWeaver Application Server for ABAP
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-29049
Matching Score-4
Assigner-Open-Xchange
ShareView Details
Matching Score-4
Assigner-Open-Xchange
CVSS Score-5.4||MEDIUM
EPSS-0.22% / 44.38%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 08:51
Updated-17 Apr, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain. User input for this widget is now sanitized to avoid malicious content the be processed. No publicly available exploits are known.

Action-Not Available
Vendor-Open-Xchange AG
Product-ox_app_suiteOX App Suite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-29836
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.40% / 60.88%
||
7 Day CHG-0.94%
Published-26 Apr, 2023 | 00:00
Updated-03 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form.

Action-Not Available
Vendor-exelysisn/a
Product-exelysis_unified_communications_solutionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-1269
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.34% / 57.13%
||
7 Day CHG~0.00%
Published-02 May, 2022 | 16:05
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fast Flow < 1.2.12 - Reflected Cross-Site Scripting

The Fast Flow WordPress plugin before 1.2.12 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting

Action-Not Available
Vendor-fastflowUnknown
Product-fastflowFast Flow
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-41384
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 12:53
Updated-28 Oct, 2025 | 13:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected Cross-Site Scripting (XSS) in SuiteCRM

Cross-Site Scripting (XSS) vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary domain but will allow the JavaScript code to execute.

Action-Not Available
Vendor-SalesAgility Ltd.SuiteCRM Ltd.
Product-suitecrmSuiteCRM
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51779
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 09:23
Updated-12 May, 2026 | 23:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Don't Break The Code plugin <= .3.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Coleman Don't Break The Code dont-break-the-code allows Reflected XSS.This issue affects Don't Break The Code: from n/a through <= .3.1.

Action-Not Available
Vendor-Jason Coleman
Product-Don't Break The Code
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-29442
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-5.15% / 89.99%
||
7 Day CHG~0.00%
Published-26 Apr, 2023 | 00:00
Updated-03 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_applications_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-29720
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.31% / 54.61%
||
7 Day CHG+0.20%
Published-18 May, 2023 | 00:00
Updated-21 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index.php.

Action-Not Available
Vendor-sofawiki_projectn/a
Product-sofawikin/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-30394
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.43% / 62.98%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 00:00
Updated-30 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MoveIt framework 1.1.11 for ROS allows cross-site scripting (XSS) via the API authentication function. NOTE: this issue is disputed by the original reporter because it has "no impact."

Action-Not Available
Vendor-moveitn/amoveit
Product-moveitn/amoveit
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1000237
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.26%
||
7 Day CHG~0.00%
Published-23 Jan, 2020 | 14:21
Updated-06 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sanitize-html before 1.4.3 has XSS.

Action-Not Available
Vendor-apostrophecmsn/a
Product-sanitize-htmln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-41750
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.14%
||
7 Day CHG+0.02%
Published-09 Dec, 2025 | 08:07
Updated-19 Dec, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected XSS vulnerability in pxc_PortCfg.php

An XSS vulnerability in pxc_PortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-fl_switch_2206c-2fxfl_switch_2206-2fx_stfl_switch_2206-2fx_smfl_switch_2406-2sfxfl_switch_2512-2gc-2sfp_firmwarefl_switch_2214-2fx_smfl_switch_2608_pnfl_switch_2105_firmwarefl_switch_2306-2sfp_pn_firmwarefl_switch_2316\/k1fl_nat_2208_firmwarefl_switch_2412-2tc-2sfx_firmwarefl_switch_2414-2sfxfl_switch_2506-2sfp_firmwarefl_switch_2206-2fxfl_switch_2708fl_switch_2304-2gc-2sfp_firmwarefl_switch_2508_firmwarefl_switch_2506-2sfp\/k1_firmwarefl_switch_2005fl_switch_2512-2gc-2sfpfl_nat_2008fl_switch_2516_pn_firmwarefl_switch_2312-2gc-2sfp_firmwarefl_nat_2304-2gc-2sfpfl_switch_2108_firmwarefl_switch_2608_firmwarefl_switch_2316_pnfl_switch_2008_firmwarefl_switch_2708_pn_firmwarefl_switch_2304-2gc-2sfpfl_switch_2516fl_switch_2207-fx_firmwarefl_switch_2214-2sfxfl_switch_2514-2sfp_firmwarefl_switch_2416_pn_firmwarefl_switch_2216_firmwarefl_switch_2408_pnfl_switch_2506-2sfp_pnfl_switch_2214-2sfx_pn_firmwarefl_switch_2206-2sfx_firmwarefl_switch_2206-2fx_sm_st_firmwarefl_switch_2204-2tc-2sfxfl_switch_2108fl_switch_2116_firmwarefl_switch_2212-2tc-2sfx_firmwarefl_switch_2208fl_nat_2208fl_switch_2205_firmwarefl_switch_2708_firmwarefl_switch_2504-2gc-2sfp_firmwarefl_switch_2406-2sfx_pn_firmwarefl_switch_2214-2fxfl_switch_2208_pn_firmwarefl_switch_2016fl_switch_2206-2sfx_pn_firmwarefl_switch_2206-2fx_st_firmwarefl_switch_2414-2sfx_pnfl_switch_2214-2sfx_pnfl_switch_2008f_firmwarefl_switch_2316_pn_firmwarefl_switch_2508\/k1fl_switch_2008fl_switch_2205fl_switch_2306-2sfpfl_switch_2416fl_switch_2314-2sfp_pnfl_switch_2316fl_switch_2308_firmwarefl_switch_2504-2gc-2sfpfl_switch_2105fl_switch_2206-2sfx_pnfl_switch_2214-2fx_firmwarefl_switch_2207-fx_sm_firmwarefl_switch_2408fl_switch_2206-2fx_sm_firmwarefl_switch_2306-2sfp_pnfl_switch_2506-2sfpfl_switch_2216fl_switch_2206-2sfxfl_switch_2406-2sfx_pnfl_switch_2408_pn_firmwarefl_switch_2308fl_nat_2008_firmwarefl_switch_2506-2sfp\/k1fl_switch_2212-2tc-2sfxfl_switch_2214-2sfx_firmwarefl_switch_2216_pnfl_switch_2016_firmwarefl_switch_2008ffl_switch_2416_firmwarefl_switch_2514-2sfpfl_switch_2608fl_switch_2312-2gc-2sfpfl_switch_2206-2fx_sm_stfl_switch_2514-2sfp_pn_firmwarefl_switch_2207-fxfl_switch_2208_pnfl_nat_2304-2gc-2sfp_firmwarefl_switch_2514-2sfp_pnfl_switch_2416_pnfl_switch_2508_pnfl_switch_2314-2sfp_pn_firmwarefl_switch_2206c-2fx_firmwarefl_switch_2206-2fx_firmwarefl_switch_2404-2tc-2sfxfl_switch_2608_pn_firmwarefl_switch_2005_firmwarefl_switch_2314-2sfp_firmwarefl_switch_2406-2sfx_firmwarefl_switch_2508fl_switch_2314-2sfpfl_switch_2116fl_switch_2216_pn_firmwarefl_switch_2204-2tc-2sfx_firmwarefl_switch_2308_pnfl_switch_2508\/k1_firmwarefl_switch_2316\/k1_firmwarefl_switch_2404-2tc-2sfx_firmwarefl_switch_2412-2tc-2sfxfl_switch_2306-2sfp_firmwarefl_switch_2208_firmwarefl_switch_2208c_firmwarefl_switch_2414-2sfx_pn_firmwarefl_switch_2214-2fx_sm_firmwarefl_switch_2508_pn_firmwarefl_switch_2516_pnfl_switch_2516_firmwarefl_switch_2308_pn_firmwarefl_switch_2208cfl_switch_2316_firmwarefl_switch_2303-8sp1fl_switch_2708_pnfl_switch_2207-fx_smfl_switch_2408_firmwarefl_switch_2414-2sfx_firmwarefl_switch_2506-2sfp_pn_firmwareFL SWITCH 2212-2TC-2SFXFL SWITCH 2205FL SWITCH 2304-2GC-2SFPFL SWITCH 2008FFL SWITCH 2516FL SWITCH 2214-2SFX PNFL SWITCH 2214-2SFXFL SWITCH 2306-2SFPFL SWITCH 2506-2SFPFL SWITCH 2312-2GC-2SFPFL SWITCH 2316/K1FL SWITCH 2206-2SFXFL SWITCH 2206-2FX SM STFL SWITCH 2416 PNFL SWITCH 2506-2SFP/K1FL SWITCH 2206-2FXFL SWITCH 2414-2SFX PNFL SWITCH 2416FL SWITCH 2206C-2FXFL SWITCH 2512-2GC-2SFPFL SWITCH 2208 PNFL SWITCH 2316FL SWITCH 2208CFL SWITCH 2414-2SFXFL SWITCH 2216 PNFL SWITCH 2506-2SFP PNFL SWITCH 2216FL SWITCH 2308 PNFL SWITCH 2005FL SWITCH 2316 PNFL SWITCH 2208FL SWITCH 2308FL SWITCH 2608FL SWITCH 2508/K1FL SWITCH 2206-2FX STFL SWITCH 2206-2FX SMFL SWITCH 2508FL NAT 2008FL SWITCH 2314-2SFPFL SWITCH 2408 PNFL SWITCH 2408FL SWITCH 2406-2SFX PNFL SWITCH 2516 PNFL SWITCH 2108FL SWITCH 2508 PNFL SWITCH 2504-2GC-2SFPFL SWITCH 2214-2FXFL SWITCH 2406-2SFXFL SWITCH 2008FL SWITCH 2116FL SWITCH 2207-FX SMFL SWITCH 2016FL SWITCH 2207-FXFL SWITCH 2514-2SFP PNFL SWITCH 2514-2SFPFL SWITCH 2206-2SFX PNFL SWITCH 2404-2TC-2SFXFL SWITCH 2708 PNFL SWITCH 2412-2TC-2SFXFL SWITCH 2306-2SFP PNFL SWITCH 2708FL NAT 2208FL SWITCH 2105FL SWITCH 2303-8SP1FL SWITCH 2314-2SFP PNFL SWITCH 2214-2FX SMFL NAT 2304-2GC-2SFPFL SWITCH 2608 PNFL SWITCH 2204-2TC-2SFX
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-29345
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.37% / 58.83%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 17:48
Updated-01 Jan, 2025 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51693
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 12:46
Updated-12 May, 2026 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Search order by product SKU for WooCommerce plugin <= 0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in labdav Search order by product SKU for WooCommerce search-order-by-product-sku-for-woocommerce allows Reflected XSS.This issue affects Search order by product SKU for WooCommerce: from n/a through <= 0.2.

Action-Not Available
Vendor-labdav
Product-Search order by product SKU for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-41357
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-5.1||MEDIUM
EPSS-0.01% / 1.51%
||
7 Day CHG-0.02%
Published-31 Mar, 2026 | 08:58
Updated-07 Apr, 2026 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected Cross-Site Scripting on Anon Proxy Server

Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. It affects 'host' parameter in '/diagdns.php' endpoint.

Action-Not Available
Vendor-anonproxyserverAnon Proxy Server
Product-anon_proxy_serverAnon Proxy Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2922
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.09% / 24.74%
||
7 Day CHG~0.00%
Published-27 May, 2023 | 07:31
Updated-21 Nov, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Comment System GET Parameter index.php cross site scripting

A vulnerability classified as problematic has been found in SourceCodester Comment System 1.0. Affected is an unknown function of the file index.php of the component GET Parameter Handler. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230076.

Action-Not Available
Vendor-comment_system_projectSourceCodester
Product-comment_systemComment System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51694
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 12:41
Updated-11 May, 2026 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Geotagged Media plugin <= 0.3.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalfisherman Geotagged Media geotagged-media allows Reflected XSS.This issue affects Geotagged Media: from n/a through <= 0.3.0.

Action-Not Available
Vendor-digitalfisherman
Product-Geotagged Media
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-41695
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.58%
||
7 Day CHG+0.01%
Published-09 Dec, 2025 | 08:10
Updated-19 Dec, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected XSS vulnerability in dyn_conn.php

An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-fl_switch_2206c-2fxfl_switch_2206-2fx_stfl_switch_2206-2fx_smfl_switch_2406-2sfxfl_switch_2512-2gc-2sfp_firmwarefl_switch_2214-2fx_smfl_switch_2608_pnfl_switch_2105_firmwarefl_switch_2306-2sfp_pn_firmwarefl_nat_2208_firmwarefl_switch_2316\/k1fl_switch_2412-2tc-2sfx_firmwarefl_switch_2414-2sfxfl_switch_2506-2sfp_firmwarefl_switch_2206-2fxfl_switch_2708fl_switch_2304-2gc-2sfp_firmwarefl_switch_2508_firmwarefl_switch_2506-2sfp\/k1_firmwarefl_switch_2005fl_switch_2512-2gc-2sfpfl_nat_2008fl_switch_2516_pn_firmwarefl_switch_2312-2gc-2sfp_firmwarefl_nat_2304-2gc-2sfpfl_switch_2108_firmwarefl_switch_2608_firmwarefl_switch_2316_pnfl_switch_2008_firmwarefl_switch_2708_pn_firmwarefl_switch_2304-2gc-2sfpfl_switch_2516fl_switch_2207-fx_firmwarefl_switch_2214-2sfxfl_switch_2514-2sfp_firmwarefl_switch_2416_pn_firmwarefl_switch_2216_firmwarefl_switch_2408_pnfl_switch_2506-2sfp_pnfl_switch_2214-2sfx_pn_firmwarefl_switch_2206-2sfx_firmwarefl_switch_2206-2fx_sm_st_firmwarefl_switch_2204-2tc-2sfxfl_switch_2108fl_switch_2116_firmwarefl_switch_2212-2tc-2sfx_firmwarefl_switch_2208fl_nat_2208fl_switch_2205_firmwarefl_switch_2708_firmwarefl_switch_2504-2gc-2sfp_firmwarefl_switch_2406-2sfx_pn_firmwarefl_switch_2214-2fxfl_switch_2208_pn_firmwarefl_switch_2016fl_switch_2206-2sfx_pn_firmwarefl_switch_2206-2fx_st_firmwarefl_switch_2414-2sfx_pnfl_switch_2214-2sfx_pnfl_switch_2008f_firmwarefl_switch_2316_pn_firmwarefl_switch_2508\/k1fl_switch_2008fl_switch_2205fl_switch_2306-2sfpfl_switch_2416fl_switch_2314-2sfp_pnfl_switch_2316fl_switch_2308_firmwarefl_switch_2504-2gc-2sfpfl_switch_2105fl_switch_2206-2sfx_pnfl_switch_2214-2fx_firmwarefl_switch_2207-fx_sm_firmwarefl_switch_2408fl_switch_2206-2fx_sm_firmwarefl_switch_2306-2sfp_pnfl_switch_2506-2sfpfl_switch_2216fl_switch_2206-2sfxfl_switch_2406-2sfx_pnfl_switch_2408_pn_firmwarefl_switch_2308fl_nat_2008_firmwarefl_switch_2506-2sfp\/k1fl_switch_2212-2tc-2sfxfl_switch_2214-2sfx_firmwarefl_switch_2216_pnfl_switch_2016_firmwarefl_switch_2008ffl_switch_2416_firmwarefl_switch_2514-2sfpfl_switch_2608fl_switch_2312-2gc-2sfpfl_switch_2206-2fx_sm_stfl_switch_2514-2sfp_pn_firmwarefl_switch_2207-fxfl_nat_2304-2gc-2sfp_firmwarefl_switch_2208_pnfl_switch_2514-2sfp_pnfl_switch_2416_pnfl_switch_2508_pnfl_switch_2314-2sfp_pn_firmwarefl_switch_2206c-2fx_firmwarefl_switch_2206-2fx_firmwarefl_switch_2404-2tc-2sfxfl_switch_2608_pn_firmwarefl_switch_2005_firmwarefl_switch_2314-2sfp_firmwarefl_switch_2406-2sfx_firmwarefl_switch_2508fl_switch_2314-2sfpfl_switch_2116fl_switch_2216_pn_firmwarefl_switch_2204-2tc-2sfx_firmwarefl_switch_2308_pnfl_switch_2508\/k1_firmwarefl_switch_2316\/k1_firmwarefl_switch_2404-2tc-2sfx_firmwarefl_switch_2412-2tc-2sfxfl_switch_2306-2sfp_firmwarefl_switch_2208_firmwarefl_switch_2208c_firmwarefl_switch_2414-2sfx_pn_firmwarefl_switch_2214-2fx_sm_firmwarefl_switch_2508_pn_firmwarefl_switch_2516_pnfl_switch_2516_firmwarefl_switch_2308_pn_firmwarefl_switch_2208cfl_switch_2316_firmwarefl_switch_2303-8sp1fl_switch_2708_pnfl_switch_2207-fx_smfl_switch_2408_firmwarefl_switch_2414-2sfx_firmwarefl_switch_2506-2sfp_pn_firmwareFL SWITCH 2212-2TC-2SFXFL SWITCH 2205FL SWITCH 2304-2GC-2SFPFL SWITCH 2008FFL SWITCH 2516FL SWITCH 2214-2SFX PNFL SWITCH 2214-2SFXFL SWITCH 2306-2SFPFL SWITCH 2506-2SFPFL SWITCH 2312-2GC-2SFPFL SWITCH 2316/K1FL SWITCH 2206-2SFXFL SWITCH 2206-2FX SM STFL SWITCH 2416 PNFL SWITCH 2506-2SFP/K1FL SWITCH 2206-2FXFL SWITCH 2414-2SFX PNFL SWITCH 2416FL SWITCH 2206C-2FXFL SWITCH 2512-2GC-2SFPFL SWITCH 2208 PNFL SWITCH 2316FL SWITCH 2208CFL SWITCH 2414-2SFXFL SWITCH 2216 PNFL SWITCH 2506-2SFP PNFL SWITCH 2216FL SWITCH 2308 PNFL SWITCH 2005FL SWITCH 2316 PNFL SWITCH 2208FL SWITCH 2308FL SWITCH 2608FL SWITCH 2508/K1FL SWITCH 2206-2FX STFL SWITCH 2206-2FX SMFL SWITCH 2508FL NAT 2008FL SWITCH 2314-2SFPFL SWITCH 2408 PNFL SWITCH 2408FL SWITCH 2406-2SFX PNFL SWITCH 2516 PNFL SWITCH 2108FL SWITCH 2508 PNFL SWITCH 2504-2GC-2SFPFL SWITCH 2214-2FXFL SWITCH 2406-2SFXFL SWITCH 2008FL SWITCH 2116FL SWITCH 2207-FX SMFL SWITCH 2016FL SWITCH 2207-FXFL SWITCH 2514-2SFP PNFL SWITCH 2514-2SFPFL SWITCH 2206-2SFX PNFL SWITCH 2404-2TC-2SFXFL SWITCH 2708 PNFL SWITCH 2412-2TC-2SFXFL SWITCH 2306-2SFP PNFL SWITCH 2708FL NAT 2208FL SWITCH 2105FL SWITCH 2303-8SP1FL SWITCH 2314-2SFP PNFL SWITCH 2214-2FX SMFL NAT 2304-2GC-2SFPFL SWITCH 2608 PNFL SWITCH 2204-2TC-2SFX
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51712
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 11:59
Updated-11 May, 2026 | 21:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Jigoshop plugin <= 1.4.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Visser Jigoshop – Store Toolkit jigoshop-store-toolkit allows Reflected XSS.This issue affects Jigoshop – Store Toolkit: from n/a through <= 1.4.0.

Action-Not Available
Vendor-Michael Visser
Product-Jigoshop – Store Toolkit
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-52455
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 41.37%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:49
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GoQSmile plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in goqsystem GoQSmile goqsmile allows Reflected XSS.This issue affects GoQSmile: from n/a through <= 1.0.1.

Action-Not Available
Vendor-goqsystem
Product-GoQSmile
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46456
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 39.94%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Theme Blvd Sliders plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Theme Blvd Sliders theme-blvd-sliders allows Reflected XSS.This issue affects Theme Blvd Sliders: from n/a through <= 1.2.5.

Action-Not Available
Vendor-Jason
Product-Theme Blvd Sliders
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-42920
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.1||MEDIUM
EPSS-0.21% / 43.42%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 02:09
Updated-24 Oct, 2025 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management

Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim clicks on the link, the injected input is processed during the page generation, resulting in the execution of malicious content. This execution allows the attacker to access and modify information within the victim's browser scope, impacting confidentiality and integrity, while availability remains unaffected.

Action-Not Available
Vendor-SAP SE
Product-supplier_relationship_managementSAP Supplier Relationship Management
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10873
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 40.48%
||
7 Day CHG~0.00%
Published-12 Aug, 2019 | 14:56
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wp-database-backup plugin before 4.3.3 for WordPress has XSS.

Action-Not Available
Vendor-wpseedsn/a
Product-wp_database_backupn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28779
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.79%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 12:57
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Terms descriptions Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir Statsenko Terms descriptions plugin <= 3.4.4 versions.

Action-Not Available
Vendor-simplecodingVladimir Statsenko
Product-terms_descriptionsTerms descriptions
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28639
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.1||MEDIUM
EPSS-2.74% / 86.17%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 00:00
Updated-13 Feb, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GLPI vulnerable to reflected Cross-site Scripting in search pages

GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link can be crafted by an unauthenticated user. It will be able to exploit a reflected XSS in case any authenticated user opens the crafted link. This issue is fixed in versions 9.5.13 and 10.0.7.

Action-Not Available
Vendor-GLPI Project
Product-glpiglpi
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-4604
Matching Score-4
Assigner-Liferay, Inc.
ShareView Details
Matching Score-4
Assigner-Liferay, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 15.57%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 22:08
Updated-15 Dec, 2025 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 and then attackers can run scripts in the Gogo shell

Action-Not Available
Vendor-Liferay Inc.
Product-liferay_portaldigital_experience_platformPortalDXP
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-1492
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.1||MEDIUM
EPSS-0.31% / 54.58%
||
7 Day CHG~0.00%
Published-26 Jul, 2022 | 21:33
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-41748
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.14%
||
7 Day CHG+0.02%
Published-09 Dec, 2025 | 08:09
Updated-19 Dec, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected XSS vulnerability in pxc_Dot1xCfg.php

An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-fl_switch_2206c-2fxfl_switch_2206-2fx_stfl_switch_2206-2fx_smfl_switch_2406-2sfxfl_switch_2512-2gc-2sfp_firmwarefl_switch_2214-2fx_smfl_switch_2608_pnfl_switch_2105_firmwarefl_switch_2306-2sfp_pn_firmwarefl_nat_2208_firmwarefl_switch_2414-2sfxfl_switch_2412-2tc-2sfx_firmwarefl_switch_2506-2sfp_firmwarefl_switch_2316\/k1fl_switch_2206-2fxfl_switch_2708fl_switch_2304-2gc-2sfp_firmwarefl_switch_2508_firmwarefl_switch_2506-2sfp\/k1_firmwarefl_switch_2005fl_switch_2512-2gc-2sfpfl_nat_2008fl_switch_2516_pn_firmwarefl_switch_2312-2gc-2sfp_firmwarefl_nat_2304-2gc-2sfpfl_switch_2608_firmwarefl_switch_2108_firmwarefl_switch_2316_pnfl_switch_2008_firmwarefl_switch_2708_pn_firmwarefl_switch_2516fl_switch_2304-2gc-2sfpfl_switch_2207-fx_firmwarefl_switch_2214-2sfxfl_switch_2514-2sfp_firmwarefl_switch_2416_pn_firmwarefl_switch_2216_firmwarefl_switch_2506-2sfp_pnfl_switch_2408_pnfl_switch_2214-2sfx_pn_firmwarefl_switch_2206-2sfx_firmwarefl_switch_2206-2fx_sm_st_firmwarefl_switch_2204-2tc-2sfxfl_switch_2108fl_switch_2116_firmwarefl_switch_2212-2tc-2sfx_firmwarefl_switch_2208fl_nat_2208fl_switch_2205_firmwarefl_switch_2708_firmwarefl_switch_2504-2gc-2sfp_firmwarefl_switch_2406-2sfx_pn_firmwarefl_switch_2214-2fxfl_switch_2208_pn_firmwarefl_switch_2016fl_switch_2206-2sfx_pn_firmwarefl_switch_2206-2fx_st_firmwarefl_switch_2414-2sfx_pnfl_switch_2214-2sfx_pnfl_switch_2008f_firmwarefl_switch_2316_pn_firmwarefl_switch_2508\/k1fl_switch_2008fl_switch_2205fl_switch_2306-2sfpfl_switch_2416fl_switch_2314-2sfp_pnfl_switch_2316fl_switch_2504-2gc-2sfpfl_switch_2308_firmwarefl_switch_2105fl_switch_2206-2sfx_pnfl_switch_2214-2fx_firmwarefl_switch_2207-fx_sm_firmwarefl_switch_2408fl_switch_2206-2fx_sm_firmwarefl_switch_2306-2sfp_pnfl_switch_2506-2sfpfl_switch_2216fl_switch_2206-2sfxfl_switch_2406-2sfx_pnfl_switch_2408_pn_firmwarefl_switch_2308fl_nat_2008_firmwarefl_switch_2506-2sfp\/k1fl_switch_2212-2tc-2sfxfl_switch_2214-2sfx_firmwarefl_switch_2216_pnfl_switch_2016_firmwarefl_switch_2008ffl_switch_2416_firmwarefl_switch_2514-2sfpfl_switch_2608fl_switch_2312-2gc-2sfpfl_switch_2206-2fx_sm_stfl_switch_2514-2sfp_pn_firmwarefl_switch_2207-fxfl_nat_2304-2gc-2sfp_firmwarefl_switch_2208_pnfl_switch_2514-2sfp_pnfl_switch_2416_pnfl_switch_2508_pnfl_switch_2314-2sfp_pn_firmwarefl_switch_2206c-2fx_firmwarefl_switch_2206-2fx_firmwarefl_switch_2608_pn_firmwarefl_switch_2404-2tc-2sfxfl_switch_2005_firmwarefl_switch_2508fl_switch_2314-2sfp_firmwarefl_switch_2406-2sfx_firmwarefl_switch_2314-2sfpfl_switch_2116fl_switch_2216_pn_firmwarefl_switch_2204-2tc-2sfx_firmwarefl_switch_2308_pnfl_switch_2508\/k1_firmwarefl_switch_2316\/k1_firmwarefl_switch_2404-2tc-2sfx_firmwarefl_switch_2412-2tc-2sfxfl_switch_2306-2sfp_firmwarefl_switch_2208_firmwarefl_switch_2208c_firmwarefl_switch_2414-2sfx_pn_firmwarefl_switch_2214-2fx_sm_firmwarefl_switch_2508_pn_firmwarefl_switch_2516_pnfl_switch_2516_firmwarefl_switch_2308_pn_firmwarefl_switch_2208cfl_switch_2316_firmwarefl_switch_2708_pnfl_switch_2303-8sp1fl_switch_2207-fx_smfl_switch_2408_firmwarefl_switch_2414-2sfx_firmwarefl_switch_2506-2sfp_pn_firmwareFL SWITCH 2212-2TC-2SFXFL SWITCH 2205FL SWITCH 2304-2GC-2SFPFL SWITCH 2008FFL SWITCH 2516FL SWITCH 2214-2SFX PNFL SWITCH 2214-2SFXFL SWITCH 2306-2SFPFL SWITCH 2506-2SFPFL SWITCH 2312-2GC-2SFPFL SWITCH 2316/K1FL SWITCH 2206-2SFXFL SWITCH 2206-2FX SM STFL SWITCH 2416 PNFL SWITCH 2506-2SFP/K1FL SWITCH 2206-2FXFL SWITCH 2414-2SFX PNFL SWITCH 2416FL SWITCH 2206C-2FXFL SWITCH 2512-2GC-2SFPFL SWITCH 2208 PNFL SWITCH 2316FL SWITCH 2208CFL SWITCH 2414-2SFXFL SWITCH 2216 PNFL SWITCH 2506-2SFP PNFL SWITCH 2216FL SWITCH 2308 PNFL SWITCH 2005FL SWITCH 2316 PNFL SWITCH 2208FL SWITCH 2308FL SWITCH 2608FL SWITCH 2508/K1FL SWITCH 2206-2FX STFL SWITCH 2206-2FX SMFL SWITCH 2508FL NAT 2008FL SWITCH 2314-2SFPFL SWITCH 2408 PNFL SWITCH 2408FL SWITCH 2406-2SFX PNFL SWITCH 2516 PNFL SWITCH 2108FL SWITCH 2508 PNFL SWITCH 2504-2GC-2SFPFL SWITCH 2214-2FXFL SWITCH 2406-2SFXFL SWITCH 2008FL SWITCH 2116FL SWITCH 2207-FX SMFL SWITCH 2016FL SWITCH 2207-FXFL SWITCH 2514-2SFP PNFL SWITCH 2514-2SFPFL SWITCH 2206-2SFX PNFL SWITCH 2404-2TC-2SFXFL SWITCH 2708 PNFL SWITCH 2412-2TC-2SFXFL SWITCH 2306-2SFP PNFL SWITCH 2708FL NAT 2208FL SWITCH 2105FL SWITCH 2303-8SP1FL SWITCH 2314-2SFP PNFL SWITCH 2214-2FX SMFL NAT 2304-2GC-2SFPFL SWITCH 2608 PNFL SWITCH 2204-2TC-2SFX
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51781
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 09:20
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Firework Shoppable Live Video plugin <= 6.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefan Backor Firework Shoppable Live Video firework-videos allows Reflected XSS.This issue affects Firework Shoppable Live Video: from n/a through <= 6.3.

Action-Not Available
Vendor-Stefan Backor
Product-Firework Shoppable Live Video
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-31406
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.1||MEDIUM
EPSS-0.35% / 57.66%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 01:37
Updated-28 Jan, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform

Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

Action-Not Available
Vendor-SAP SE
Product-businessobjects_business_intelligenceSAP BusinessObjects Business Intelligence Platform
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-1220
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.21% / 43.37%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 12:55
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FoxyShop < 4.8.2 - Reflected Cross-Site Scripting

The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

Action-Not Available
Vendor-foxy-shopUnknown
Product-foxyshopFoxyShop
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-12370
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.53% / 67.24%
||
7 Day CHG~0.00%
Published-18 Mar, 2020 | 17:35
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission.

Action-Not Available
Vendor-readdlen/a
Product-sparkn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28776
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.68%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 11:29
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Continuous Image Carousel With Lightbox Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-continuous_image_carousel_with_lightboxContinuous Image Carousel With Lightbox
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28648
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-3.00% / 86.73%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 20:06
Updated-16 Jan, 2025 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2023-28648

Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

Action-Not Available
Vendor-propumpserviceProPump and Controls, Inc.
Product-osprey_pump_controller_firmwareosprey_pump_controllerOsprey Pump Controller
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46494
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.01%
||
7 Day CHG~0.00%
Published-07 Jan, 2026 | 12:37
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WidgetKit Pro plugin <= 1.13.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS.This issue affects WidgetKit Pro: from n/a through 1.13.1.

Action-Not Available
Vendor-Themesgrove
Product-WidgetKit Pro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-52468
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 25.07%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:49
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LeadBoxer plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LeadBoxer LeadBoxer leadboxer allows Reflected XSS.This issue affects LeadBoxer: from n/a through <= 1.3.

Action-Not Available
Vendor-LeadBoxer
Product-LeadBoxer
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28784
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.68%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 11:21
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contest Gallery Plugin <= 21.1.2 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 21.1.2 versions.

Action-Not Available
Vendor-contest-galleryContest Gallery
Product-contest_galleryContest Gallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-42956
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.1||MEDIUM
EPSS-0.48% / 65.08%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 06:57
Updated-27 Oct, 2025 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities in SAP NetWeaver Application Server ABAP

SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, injected input data will be used by the web site page generation to create content which when executed in the victim's browser leading to low impact on Confidentiality and Integrity with no effect on Availability of the application.

Action-Not Available
Vendor-SAP SE
Product-sap_basisSAP NetWeaver Application Server ABAP
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28166
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.98%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 08:05
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tags Cloud Manager Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Kadiwala Tags Cloud Manager plugin <= 1.0.0 versions.

Action-Not Available
Vendor-tags_cloud_manager_projectAakif Kadiwala
Product-tags_cloud_managerTags Cloud Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51697
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 12:37
Updated-11 May, 2026 | 21:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Doofinder plugin <= 0.5.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder doofinder allows Reflected XSS.This issue affects Doofinder: from n/a through <= 0.5.4.

Action-Not Available
Vendor-Doofinder
Product-Doofinder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-52418
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 21:24
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gameplan theme <= 1.5.10 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CactusThemes Gameplan gameplan allows Reflected XSS.This issue affects Gameplan: from n/a through <= 1.5.10.

Action-Not Available
Vendor-CactusThemes
Product-Gameplan
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-52462
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 41.37%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:49
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP e-Commerce Style Email plugin <= 0.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacob Schwartz WP e-Commerce Style Email wp-e-commerce-style-email allows Reflected XSS.This issue affects WP e-Commerce Style Email: from n/a through <= 0.6.2.

Action-Not Available
Vendor-Jacob Schwartz
Product-WP e-Commerce Style Email
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-52452
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 41.37%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:49
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Open edX LMS plugin <= 2.6.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eduNEXT Open edX LMS allows Reflected XSS.This issue affects Open edX LMS: from n/a through 2.6.1.

Action-Not Available
Vendor-eduNEXT
Product-Open edX LMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5151
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.18% / 38.69%
||
7 Day CHG~0.00%
Published-13 Jul, 2024 | 06:00
Updated-13 May, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SULly < 4.3.1 - Admin+ Stored XSS

The SULly WordPress plugin before 4.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Action-Not Available
Vendor-toolstackUnknowntoolstack
Product-sullySULlysully
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51690
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 12:52
Updated-12 May, 2026 | 23:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wp Slide Categorywise plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in neelam.samariya Wp Slide Categorywise wp-slide-categorywise allows Reflected XSS.This issue affects Wp Slide Categorywise: from n/a through <= 1.1.

Action-Not Available
Vendor-neelam.samariya
Product-Wp Slide Categorywise
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51709
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.24% / 47.48%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 12:08
Updated-12 May, 2026 | 23:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TeleAdmin plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mariandz TeleAdmin teleadmin allows Reflected XSS.This issue affects TeleAdmin: from n/a through <= 1.0.0.

Action-Not Available
Vendor-mariandz
Product-TeleAdmin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5155
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.13% / 32.39%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 06:00
Updated-06 Jun, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inquiry Cart <= 3.4.2 - Stored XSS via CSRF

The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

Action-Not Available
Vendor-ravsterUnknownravi_desai
Product-inquiry_cartInquiry cartinquiry_cart
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-52459
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 41.37%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:49
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Chameleoni Jobs plugin <= 2.5.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chameleoni Chameleoni Jobs chameleon-jobs allows Reflected XSS.This issue affects Chameleoni Jobs: from n/a through <= 2.5.4.

Action-Not Available
Vendor-Chameleoni
Product-Chameleoni Jobs
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 244
  • 245
  • Next
Details not found