Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-31705

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-13 Jul, 2023 | 00:00
Updated At-04 Nov, 2024 | 14:57
Rejected At-
Credits

A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester Task Reminder System 1.0 allows an authenticated user to inject malicious javascript into the page parameter.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:13 Jul, 2023 | 00:00
Updated At:04 Nov, 2024 | 14:57
Rejected At:
▼CVE Numbering Authority (CNA)

A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester Task Reminder System 1.0 allows an authenticated user to inject malicious javascript into the page parameter.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.sourcecodester.com/download-code?nid=16451&title=Task+Reminder+System+in+PHP+and+MySQL+Source+Code+Free+Download
N/A
https://github.com/d34dun1c02n/CVE-2023-31705
N/A
Hyperlink: https://www.sourcecodester.com/download-code?nid=16451&title=Task+Reminder+System+in+PHP+and+MySQL+Source+Code+Free+Download
Resource: N/A
Hyperlink: https://github.com/d34dun1c02n/CVE-2023-31705
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.sourcecodester.com/download-code?nid=16451&title=Task+Reminder+System+in+PHP+and+MySQL+Source+Code+Free+Download
x_transferred
https://github.com/d34dun1c02n/CVE-2023-31705
x_transferred
Hyperlink: https://www.sourcecodester.com/download-code?nid=16451&title=Task+Reminder+System+in+PHP+and+MySQL+Source+Code+Free+Download
Resource:
x_transferred
Hyperlink: https://github.com/d34dun1c02n/CVE-2023-31705
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:13 Jul, 2023 | 15:15
Updated At:21 Jul, 2023 | 13:56

A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester Task Reminder System 1.0 allows an authenticated user to inject malicious javascript into the page parameter.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CPE Matches

task_reminder_system_project
task_reminder_system_project
>>task_reminder_system>>1.0
cpe:2.3:a:task_reminder_system_project:task_reminder_system:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/d34dun1c02n/CVE-2023-31705cve@mitre.org
Third Party Advisory
https://www.sourcecodester.com/download-code?nid=16451&title=Task+Reminder+System+in+PHP+and+MySQL+Source+Code+Free+Downloadcve@mitre.org
Product
Hyperlink: https://github.com/d34dun1c02n/CVE-2023-31705
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.sourcecodester.com/download-code?nid=16451&title=Task+Reminder+System+in+PHP+and+MySQL+Source+Code+Free+Download
Source: cve@mitre.org
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

8850Records found

CVE-2021-36950
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.66% / 70.29%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 18:12
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365Microsoft Dynamics 365 (on-premises) version 9.0
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-43342
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.64% / 69.63%
||
7 Day CHG~0.00%
Published-14 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field.

Action-Not Available
Vendor-eramban/a
Product-eramban/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-36872
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 44.85%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 15:00
Updated-28 Mar, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popular Posts plugin <= 5.3.3 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type].

Action-Not Available
Vendor-wordpress_popular_posts_projectHector Cabrera
Product-wordpress_popular_postsWordPress Popular Posts
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5152
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.15% / 35.87%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 03:53
Updated-01 Aug, 2024 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ElementsReady Addons for Elementor <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-quomodosoftquomodosoft
Product-elementsreadyElementsReady Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-43914
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.14% / 33.99%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 13:26
Updated-10 Feb, 2025 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM TRIRIGA Application Platform cross-site scripting

IBM TRIRIGA Application Platform 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 241036.

Action-Not Available
Vendor-IBM Corporation
Product-tririga_application_platformTRIRIGA Application Platform
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51610
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.01%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 14:11
Updated-15 Nov, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Display Terms Shortcode plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SEO Themes Display Terms Shortcode allows Stored XSS.This issue affects Display Terms Shortcode: from n/a through 1.0.4.

Action-Not Available
Vendor-seothemesSEO Themes
Product-display_terms_shortcodeDisplay Terms Shortcode
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51595
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.01%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 14:36
Updated-15 Nov, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SKSDEV Toolkit plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sksdev SKSDEV Toolkit allows Stored XSS.This issue affects SKSDEV Toolkit: from n/a through 1.0.0.

Action-Not Available
Vendor-sksdevsksdev
Product-sksdev_toolkitSKSDEV Toolkit
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4632
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 41.61%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 16:39
Updated-07 Aug, 2024 | 00:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message.

Action-Not Available
Vendor-TYPO3 Association
Product-typo3TYPO3
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5219
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.20% / 42.27%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 06:49
Updated-01 Aug, 2024 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Easy Google Maps <= 1.11.15 - Authenticated (Author+) Stored Cross-Site Scripting

The Easy Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 1.11.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-supsysticsupsysticcomsupsystic
Product-easy_google_mapsEasy Google Mapseasy_google_maps
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-36863
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 25.67%
||
7 Day CHG~0.00%
Published-28 Oct, 2022 | 15:11
Updated-20 Feb, 2025 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.

Action-Not Available
Vendor-expresstechExpressTech
Product-quiz_and_survey_masterQuiz And Survey Master (WordPress plugin)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23701
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.75%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 07:58
Updated-09 Jan, 2025 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Sign Up Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Andrew @ Geeenville Web Design Easy Sign Up plugin <= 3.4.1 versions.

Action-Not Available
Vendor-web_design_easy_sign_up_projectAndrew @ Geeenville Web Design
Product-web_design_easy_sign_upEasy Sign Up
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51591
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.01%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 14:50
Updated-14 Nov, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Slicko plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpgrids Slicko allows DOM-Based XSS.This issue affects Slicko: from n/a through 1.2.0.

Action-Not Available
Vendor-wpgridswpgrids
Product-slickoSlicko
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2349
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.07% / 21.82%
||
7 Day CHG~0.00%
Published-27 Apr, 2023 | 15:00
Updated-22 Nov, 2024 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Service Provider Management System index.php cross site scripting

A vulnerability classified as problematic has been found in SourceCodester Service Provider Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227592.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-service_provider_management_systemService Provider Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-44284
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 29.21%
||
7 Day CHG~0.00%
Published-28 Nov, 2022 | 00:00
Updated-25 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Site Scripting (XSS).

Action-Not Available
Vendor-dinstarn/a
Product-dag2000-16odag2000-16o_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51577
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.01%
||
7 Day CHG~0.00%
Published-10 Nov, 2024 | 09:11
Updated-14 Nov, 2024 | 02:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress bpmn.io plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Camunda Services GmbH bpmn.Io allows Stored XSS.This issue affects bpmn.Io: from n/a through 1.0.

Action-Not Available
Vendor-camundaCamunda Services GmbH
Product-bpmn.iobpmn.io
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19500
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.30% / 53.18%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:13
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Matrix42 Workspace Management 9.1.2.2765 and below allows stored XSS via unfiltered description parameters, as demonstrated by the comment field of a special order for individual software.

Action-Not Available
Vendor-matrix42n/a
Product-workspace_managementn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23815
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.75%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 04:58
Updated-10 Jan, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multi-column Tag Map Plugin <= 17.0.24 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Alan Jackson Multi-column Tag Map plugin <= 17.0.24 versions.

Action-Not Available
Vendor-Multi-Column Tag Map
Product-multi-column_tag_mapMulti-column Tag Map
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51590
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.01%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 14:50
Updated-18 Nov, 2024 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hoo Addons for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hoosoft Hoo Addons for Elementor allows DOM-Based XSS.This issue affects Hoo Addons for Elementor: from n/a through 1.0.6.

Action-Not Available
Vendor-hoosoftHoosoft
Product-hoo_addons_for_elementorHoo Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-37374
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.84%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting (XSS) vulnerability in Teradek Clip all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.

Action-Not Available
Vendor-teradekn/a
Product-clipclip_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-52290
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 12.35%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 07:19
Updated-11 Jul, 2025 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS in Configuration Key Functionality

LF Edge eKuiper is a lightweight internet of things (IoT) data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service (e.g. kuiperUser role) can inject a cross-site scripting payload into Connection Configuration key `Name` (`confKey`) parameter. After this setup, when any user with access to this service (e.g. admin) tries to delete this key, a payload acts in the victim's browser. Version 2.1.0 fixes the issue.

Action-Not Available
Vendor-lfedgelf-edge
Product-ekuiperekuiper
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-37375
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.84%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-04 Aug, 2024 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting (XSS) vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.

Action-Not Available
Vendor-teradekn/a
Product-vidiu_mini_firmwarevidiuvidiu_firmwarevidiu_minin/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-43996
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.33% / 55.27%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories are served and interpreted as HTML pages. Such uploaded advisories can contain JavaScript code that will execute within the browser context of users inspecting the advisory.

Action-Not Available
Vendor-csaf_provider_projectn/a
Product-csaf_providern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-43461
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.8||MEDIUM
EPSS-0.06% / 19.11%
||
7 Day CHG~0.00%
Published-17 Mar, 2023 | 13:25
Updated-13 Jan, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Slideshow SE Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS)

Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow SE plugin <= 2.5.5 versions.

Action-Not Available
Vendor-slideshow_se_projectJohn West
Product-slideshow_seSlideshow SE
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-4362
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.4||MEDIUM
EPSS-0.25% / 48.40%
||
7 Day CHG~0.00%
Published-02 Jan, 2023 | 21:49
Updated-10 Apr, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Popup Maker < 1.16.9 - Contributor+ Stored XSS via Shortcode

The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks

Action-Not Available
Vendor-code-atlanticUnknown
Product-popup_makerPopup Maker
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23877
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.75%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 11:31
Updated-25 Sep, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pinterest RSS Widget Plugin <= 2.3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in bkmacdaddy designs Pinterest RSS Widget plugin <= 2.3.1 versions.

Action-Not Available
Vendor-bkmacdaddybkmacdaddy designs
Product-pinterest_rss_widgetPinterest RSS Widget
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23687
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.75%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 17:59
Updated-07 Nov, 2023 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Youtube shortcode Plugin <= 1.8.5 is vulnerable to Cross Site Scripting (XSS)

Auth. Stored Cross-Site Scripting (XSS) vulnerability in Youtube shortcode <= 1.8.5 versions.

Action-Not Available
Vendor-youtube_shortcode_projectTúbal Martín
Product-youtube_shortcodeYoutube shortcode
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-36563
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-8.23% / 91.89%
||
7 Day CHG~0.00%
Published-26 Jul, 2021 | 17:19
Updated-04 Aug, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts), the XSS payload will be triggered when the user accesses some specific sections of the application. In the same sense a very dangerous potential way would be when an attacker who has the monitor role (not administrator) manages to get a stored XSS to steal the secretAutomation (for the use of the API in administrator mode) and thus be able to create another administrator user who has high privileges on the CheckMK monitoring web console. Another way is that persistent XSS allows an attacker to modify the displayed content or change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session.

Action-Not Available
Vendor-n/aCheckmk GmbH
Product-checkmkn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-4410
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.12% / 31.43%
||
7 Day CHG~0.00%
Published-14 Dec, 2022 | 21:20
Updated-23 Jan, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary web scripts on the permalink-manager page if another plugin or theme is installed on the site that allows lower privileged users with unfiltered_html the ability to modify post/page titles with malicious web scripts.

Action-Not Available
Vendor-permalink_manager_lite_projectmbis
Product-permalink_manager_litePermalink Manager Lite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23728
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.75%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 14:18
Updated-19 Feb, 2025 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Flipclock Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Flipclock plugin <= 1.7.4 versions.

Action-Not Available
Vendor-winwarWinwar Media
Product-wp_flipclockWP Flipclock
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-43717
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-5.4||MEDIUM
EPSS-0.32% / 53.99%
||
7 Day CHG~0.00%
Published-16 Jan, 2023 | 10:08
Updated-04 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Superset: Cross-Site Scripting on dashboards

Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Action-Not Available
Vendor-The Apache Software Foundation
Product-supersetApache Superset
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5226
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.06% / 18.12%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 05:31
Updated-01 Mar, 2025 | 02:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fuse Social Floating Sidebar <= 5.4.10 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload

The Fuse Social Floating Sidebar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the file upload functionality in all versions up to, and including, 5.4.10 due to insufficient validation of SVG files. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-daniyalahmedkdaniyalahmedk
Product-fuse_social_floating_sidebarFuse Social Floating Sidebar
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2361
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.3||MEDIUM
EPSS-0.01% / 0.21%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 00:00
Updated-30 Jan, 2025 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

Action-Not Available
Vendor-Pimcore
Product-pimcorepimcore/pimcore
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23999
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.75%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 10:14
Updated-09 Jan, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Google Analytics by Monster Insights Plugin <= 8.14.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MonsterInsights plugin <= 8.14.0 versions.

Action-Not Available
Vendor-MonsterInsights, LLC
Product-google_analytics_dashboardMonsterInsights
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5165
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.82% / 73.44%
||
7 Day CHG~0.00%
Published-23 May, 2024 | 09:56
Updated-31 Jan, 2025 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Eclipse Ditto User Interface vulnerable to XSS due to Improper Neutralization of Input

In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several input fields of the Eclipse Ditto Explorer User Interface https://eclipse.dev/ditto/user-interface.html was not properly neutralized and thus vulnerable to both Reflected and Stored XSS (Cross Site Scripting). Several inputs were not persisted at the backend of Eclipse Ditto, but only in local browser storage to save settings of "environments" of the UI and e.g. the last performed "search queries", resulting in a "Reflected XSS" vulnerability. However, several other inputs were persisted at the backend of Eclipse Ditto, leading to a "Stored XSS" vulnerability. Those mean that authenticated and authorized users at Eclipse Ditto can persist Things in Ditto which can - when being displayed by other users also being authorized to see those Things in the Eclipse Ditto UI - cause scripts to be executed in the browser of other users.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-dittoEclipse Ditto
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23676
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.75%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 08:35
Updated-09 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress File Gallery Plugin <= 1.8.5.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bruno "Aesqe" Babic File Gallery plugin <= 1.8.5.3 versions.

Action-Not Available
Vendor-file_gallery_projectBruno "Aesqe" Babic
Product-file_galleryFile Gallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-36911
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.8||MEDIUM
EPSS-0.18% / 39.38%
||
7 Day CHG~0.00%
Published-10 Dec, 2021 | 16:47
Updated-28 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Comment Engine Pro plugin <= 1.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin (versions <= 1.0), could be exploited by users with Editor or higher role.

Action-Not Available
Vendor-comment_engine_pro_project@rex1989
Product-comment_engine_proComment Engine Pro (WordPress plugin)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51677
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.01%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 14:16
Updated-06 Nov, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Knowledge Base plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WebberZone Knowledge Base allows Stored XSS.This issue affects Knowledge Base: from n/a through 2.2.0.

Action-Not Available
Vendor-webberzoneWebberZone
Product-knowledge_baseKnowledge Base
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51593
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.01%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 14:46
Updated-18 Nov, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Курс валют UAH plugin <= 2.0 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Glopium Studio Курс валют UAH allows Stored XSS.This issue affects Курс валют UAH: from n/a through 2.0.

Action-Not Available
Vendor-glopiumGlopium Studio
Product-ukrainian-currencyКурс валют UAH
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-42991
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 38.38%
||
7 Day CHG~0.00%
Published-27 Oct, 2022 | 00:00
Updated-07 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stored cross-site scripting (XSS) vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Account Full Name field.

Action-Not Available
Vendor-simple_online_public_access_catalog_projectn/a
Product-simple_online_public_access_catalogn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51576
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.01%
||
7 Day CHG~0.00%
Published-10 Nov, 2024 | 11:36
Updated-14 Nov, 2024 | 02:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AMP Img Shortcode plugin <= 1.0.1 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPZA AMP Img Shortcode allows Stored XSS.This issue affects AMP Img Shortcode: from n/a through 1.0.1.

Action-Not Available
Vendor-wpzaWPZA
Product-amp_img_shortcodeAMP Img Shortcode
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-36912
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 38.79%
||
7 Day CHG~0.00%
Published-06 May, 2022 | 16:48
Updated-20 Feb, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Andrea Pernici News Sitemap for Google plugin <= 1.0.16 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role.

Action-Not Available
Vendor-google-news-sitemap_projectAndrea Pernici
Product-google-news-sitemapAndrea Pernici News Sitemap for Google (WordPress plugin)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51585
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.01%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 14:59
Updated-15 Nov, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sales Page Addon plugin <= 1.4.2 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Sales Page Addon – Elementor & Beaver Builder allows Stored XSS.This issue affects Sales Page Addon – Elementor & Beaver Builder: from n/a through 1.4.2.

Action-Not Available
Vendor-nicheaddonsNicheAddons
Product-sales_page_addonSales Page Addon – Elementor & Beaver Builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-36873
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.5||MEDIUM
EPSS-3.22% / 86.55%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 15:07
Updated-28 Mar, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress iQ Block Country plugin <= 1.2.11 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.

Action-Not Available
Vendor-webenceWebence
Product-iq_block_countryiQ Block Country
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5259
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.27% / 49.72%
||
7 Day CHG+0.01%
Published-06 Jun, 2024 | 09:34
Updated-01 Aug, 2024 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution <= 4.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via hover_animation Parameter

The MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hover_animation’ parameter in all versions up to, and including, 4.1.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-multivendorxwcmp
Product-multivendorxMultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51475
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.41%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 00:44
Updated-26 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Content Navigator HTML injection

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

Action-Not Available
Vendor-IBM Corporation
Product-content_navigatorContent Navigator
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5173
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.22% / 44.98%
||
7 Day CHG~0.00%
Published-26 Jun, 2024 | 02:07
Updated-28 Jan, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HT Mega – Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Player Widget Settings

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-HasTech IT Limited (HasThemes)
Product-ht_megaHT Mega – Absolute Addons For Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-36399
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-5.4||MEDIUM
EPSS-0.53% / 66.38%
||
7 Day CHG~0.00%
Published-06 Mar, 2023 | 00:00
Updated-07 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodleMoodle
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-36573
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.41%
||
7 Day CHG~0.00%
Published-15 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload.

Action-Not Available
Vendor-feehin/a
Product-feehicmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51599
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.01%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 14:31
Updated-15 Nov, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Business Manager plugin <= 4.6.7.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Russell Albin Simple Business Manager allows Stored XSS.This issue affects Simple Business Manager: from n/a through 4.6.7.4.

Action-Not Available
Vendor-russellalbinRussell Albin
Product-simple_business_managerSimple Business Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-36851
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.1||MEDIUM
EPSS-0.16% / 37.09%
||
7 Day CHG~0.00%
Published-04 Apr, 2022 | 19:46
Updated-20 Feb, 2025 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Testimonial Slider plugin <= 3.5.8.3 - Cross-Site Scripting (XSS) vulnerability

Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_button_color.

Action-Not Available
Vendor-web-settlerWeb-Settler
Product-testimonial_sliderTestimonial Slider – Free Testimonials Slider Plugin (WordPress plugin)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 176
  • 177
  • Next
Details not found