Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-27267

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-26 Mar, 2025 | 14:24
Updated At-26 Mar, 2025 | 17:00
Rejected At-
Credits

WordPress Random Quotes Plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in srcoley Random Quotes allows Reflected XSS. This issue affects Random Quotes: from n/a through 1.3.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:26 Mar, 2025 | 14:24
Updated At:26 Mar, 2025 | 17:00
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Random Quotes Plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in srcoley Random Quotes allows Reflected XSS. This issue affects Random Quotes: from n/a through 1.3.

Affected Products
Vendor
srcoley
Product
Random Quotes
Collection URL
https://wordpress.org/plugins
Package Name
random-quotes
Default Status
unaffected
Versions
Affected
  • From n/a through 1.3 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-591CAPEC-591 Reflected XSS
CAPEC ID: CAPEC-591
Description: CAPEC-591 Reflected XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
johska (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/random-quotes/vulnerability/wordpress-random-quotes-plugin-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/random-quotes/vulnerability/wordpress-random-quotes-plugin-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:26 Mar, 2025 | 15:16
Updated At:27 Mar, 2025 | 16:45

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in srcoley Random Quotes allows Reflected XSS. This issue affects Random Quotes: from n/a through 1.3.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Primaryaudit@patchstack.com
CWE ID: CWE-79
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/random-quotes/vulnerability/wordpress-random-quotes-plugin-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/random-quotes/vulnerability/wordpress-random-quotes-plugin-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2265Records found
CVE-2022-47431
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 30.20%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 11:50
Updated-10 Jan, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Open RDW kenteken voertuiginformatie Plugin <= 2.0.14 is vulnerable to Cross Site Scripting (XSS)

Reflected Cross-Site Scripting (XSS) vulnerability in Tussendoor internet & marketing Open RDW kenteken voertuiginformatie plugin <= 2.0.14 versions.

Action-Not Available
Vendor-tussendoorTussendoor internet & marketing
Product-open_rdw_kenteken_voertuiginformatieOpen RDW kenteken voertuiginformatie
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-47591
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 30.20%
||
7 Day CHG~0.00%
Published-20 Mar, 2023 | 12:06
Updated-10 Jan, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Map Multi Marker Plugin <= 3.2.1 is vulnerable to Cross Site Scripting (XSS)

Reflected Cross-Site Scripting (XSS) vulnerability in Mickael Austoni Map Multi Marker plugin <= 3.2.1 versions.

Action-Not Available
Vendor-map_multi_marker_projectMickael Austoni
Product-map_multi_markerMap Multi Marker
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35696
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.21% / 43.68%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 14:21
Updated-02 Dec, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Docs plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Reflected XSS.This issue affects WP Docs: from n/a through 2.1.3.

Action-Not Available
Vendor-androidbubbleFahad Mahmood
Product-wp_docsWP Docs
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35706
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 37.83%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 14:10
Updated-29 Aug, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Heateor Social Login WordPress plugin <= 1.1.32 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Cross-Site Scripting (XSS).This issue affects Heateor Social Login: from n/a through 1.1.32.

Action-Not Available
Vendor-Heateor
Product-social_loginHeateor Social Login
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35693
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-7.33% / 91.52%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 14:28
Updated-29 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 12 Step Meeting List plugin <= 3.14.33 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Code for Recovery 12 Step Meeting List allows Reflected XSS.This issue affects 12 Step Meeting List: from n/a through 3.14.33.

Action-Not Available
Vendor-code4recoveryCode for Recovery
Product-12_step_meeting_list12 Step Meeting List
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35737
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.15% / 35.99%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 12:44
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Visitors Tracker plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Loopus WP Visitors Tracker allows Reflected XSS.This issue affects WP Visitors Tracker: from n/a through 2.3.

Action-Not Available
Vendor-loopusLoopus
Product-wp_visitors_trackerWP Visitors Tracker
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35679
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.27% / 50.59%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 15:01
Updated-29 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GiveWP plugin <= 3.12.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GiveWP allows Reflected XSS.This issue affects GiveWP: from n/a through 3.12.0.

Action-Not Available
Vendor-GiveWP
Product-givewpGiveWP
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34794
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.27% / 50.59%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 10:50
Updated-07 Mar, 2025 | 11:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tainacan plugin <= 0.21.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Reflected XSS.This issue affects Tainacan: from n/a through 0.21.3.

Action-Not Available
Vendor-tainacanTainacan.org
Product-tainacanTainacan
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35694
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-7.20% / 91.42%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 14:27
Updated-25 Feb, 2025 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPMobile.App plugin <= 11.41 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMobile.App allows Reflected XSS.This issue affects WPMobile.App: from n/a through 11.41.

Action-Not Available
Vendor-amauriWPMobile.App
Product-wpmobile.appWPMobile.App
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35687
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.72%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 14:42
Updated-10 Oct, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Link Library plugin <= 7.6.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library link-library allows Reflected XSS.This issue affects Link Library: from n/a through 7.6.3.

Action-Not Available
Vendor-ylefebvreYannick Lefebvre
Product-link_libraryLink Library
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34752
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.56% / 67.90%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 06:01
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Landing Page Builder <= 1.5.1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PluginOps Landing Page Builder allows Reflected XSS.This issue affects Landing Page Builder: from n/a through 1.5.1.8.

Action-Not Available
Vendor-PluginOps
Product-Landing Page Builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35668
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 37.83%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 13:48
Updated-16 Oct, 2024 | 13:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Brevo plugin <= 3.1.77 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue allows Reflected XSS.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.77.

Action-Not Available
Vendor-brevoBrevo
Product-newsletter\,_smtp\,_email_marketing_and_subscribeNewsletter, SMTP, Email marketing and Subscribe forms by Sendinblue
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35766
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.41% / 60.62%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 12:28
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPPizza – A Restaurant Plugin plugin <= 3.18.13 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ollybach WPPizza allows Reflected XSS.This issue affects WPPizza: from n/a through 3.18.13.

Action-Not Available
Vendor-wp-pizzaollybach
Product-wppizzaWPPizza
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35730
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.15% / 35.99%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 12:54
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Active Products Tables for WooCommerce plugin <= 1.0.6.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in realmag777 Active Products Tables for WooCommerce allows Reflected XSS.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.3.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-wootActive Products Tables for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35733
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.15% / 35.99%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 12:50
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Auto Coupons for WooCommerce plugin <= 3.0.14 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RLDD Auto Coupons for WooCommerce allows Reflected XSS.This issue affects Auto Coupons for WooCommerce: from n/a through 3.0.14.

Action-Not Available
Vendor-richardlermaRLDDrldd
Product-auto_coupons_for_woocommerceAuto Coupons for WooCommerceauto_coupons_for_woocommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35631
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 38.29%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 10:30
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FV Flowplayer Video Player plugin <= 7.5.45.7212 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Foliovision FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.45.7212.

Action-Not Available
Vendor-Foliovision
Product-FV Flowplayer Video Player
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35664
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.77%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 13:54
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPvivid Backup for MainWP plugin <= 0.9.32 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPvivid Team WPvivid Backup for MainWP allows Reflected XSS.This issue affects WPvivid Backup for MainWP: from n/a through 0.9.32.

Action-Not Available
Vendor-wpvividWPvivid Teamwpvivid_team
Product-wpvivid_backup_for_mainwpWPvivid Backup for MainWPwpvivid_backup_for_mainwp
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33947
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 25.63%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 06:53
Updated-03 Feb, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RegistrationMagic plugin <= 5.3.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a through 5.3.2.0.

Action-Not Available
Vendor-Metagauss Inc.
Product-registrationmagicRegistrationMagic
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34553
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.31% / 53.55%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 11:16
Updated-20 Mar, 2025 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stockholm Core plugin <= 2.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Stockholm Core allows Reflected XSS.This issue affects Stockholm Core: from n/a through 2.4.1.

Action-Not Available
Vendor-select-themesSelect-Themes
Product-stockholm_coreStockholm Core
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33978
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.24% / 46.53%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:00
Updated-15 Aug, 2024 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting in Janobe E-Negosyo System

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'category' parameter in '/index.php'.

Action-Not Available
Vendor-janobe
Product-young_entrepreneur_e-negosyo_systemE-Negosyo System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33946
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.52%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 06:55
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPify Woo Czech plugin <= 4.0.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPify s.R.O. WPify Woo Czech allows Reflected XSS.This issue affects WPify Woo Czech: from n/a through 4.0.10.

Action-Not Available
Vendor-WPify s.r.o.
Product-WPify Woo Czech
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33985
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.48%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 13:02
Updated-15 Aug, 2024 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Scripting (XSS) vulnerability in Janobe products

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/course/index.php'.

Action-Not Available
Vendor-janobe
Product-school_attendence_monitoring_systemschool_event_management_systemSchool Event Management SystemSchool Attendance Monitoring System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33924
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.52%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 07:14
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Realtyna Organic IDX plugin + WPL Real Estate plugin <= 4.14.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Realtyna Realtyna Organic IDX plugin allows Reflected XSS.This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.4.

Action-Not Available
Vendor-Realtyna
Product-Realtyna Organic IDX plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34469
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-1.17% / 78.36%
||
7 Day CHG~0.00%
Published-04 May, 2024 | 00:00
Updated-17 Jun, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save.

Action-Not Available
Vendor-rukovoditeln/arukovoditel
Product-rukovoditeln/arukovoditel
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33981
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.24% / 46.53%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:06
Updated-15 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting in Janobe products

Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/mod_reports/index.php'.

Action-Not Available
Vendor-janobe
Product-debit_card_paymentpaypalcredit_cardJanobe PayPalCredit CardDebit Card Payment
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33991
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.17% / 38.80%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 13:07
Updated-15 Aug, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/eventwinner/index.php'.

Action-Not Available
Vendor-janobe
Product-school_event_management_systemSchool Event Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33982
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.48%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 13:00
Updated-15 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Scripting (XSS) vulnerability in Janobe products

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'StudentID' parameter in '/AttendanceMonitoring/student/controller.php'.

Action-Not Available
Vendor-janobe
Product-school_attendence_monitoring_systemschool_event_management_systemSchool Event Management SystemSchool Attendance Monitoring System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33975
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.29% / 51.59%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 10:54
Updated-15 Aug, 2024 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting in Janobe E-Negosyo System

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'view' parameter in '/admin/products/index.php'.

Action-Not Available
Vendor-janobe
Product-young_entrepreneur_e-negosyo_systemE-Negosyo System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34431
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.29% / 52.39%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 11:09
Updated-02 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP etracker plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-etracker WP etracker allows Reflected XSS.This issue affects WP etracker: from n/a through 1.0.2.

Action-Not Available
Vendor-WP-etracker
Product-WP etracker
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33554
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.35% / 56.88%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 05:16
Updated-21 Feb, 2025 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress XStore Core plugin <= 5.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core allows Reflected XSS.This issue affects XStore Core: from n/a through 5.3.5.

Action-Not Available
Vendor-8theme8theme8theme
Product-xstore_coreXStore Corexstore_core
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-8411
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-7.1||HIGH
EPSS-0.03% / 6.55%
||
7 Day CHG~0.00%
Published-17 Sep, 2025 | 11:17
Updated-17 Sep, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XSS in Dokuzsoft Technology's E-Commerce Web Design Product

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology E-Commerce Web Design Product allows XSS Through HTTP Headers.This issue affects E-Commerce Web Design Product: before 11.08.2025.

Action-Not Available
Vendor-Dokuzsoft Technology
Product-E-Commerce Web Design Product
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33983
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.48%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 13:01
Updated-15 Aug, 2024 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Scripting (XSS) vulnerability in Janobe products

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/AttendanceMonitoring/report/attendance_print.php'.

Action-Not Available
Vendor-janobe
Product-school_attendence_monitoring_systemschool_event_management_systemSchool Event Management SystemSchool Attendance Monitoring System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33994
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.17% / 38.80%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 13:09
Updated-22 Nov, 2024 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in '/event/index.php'.

Action-Not Available
Vendor-janobe
Product-school_event_management_systemSchool Event Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33548
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 41.61%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 05:17
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WZone plugin <= 14.0.10 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team WZone allows Reflected XSS.This issue affects WZone: from n/a through 14.0.10.

Action-Not Available
Vendor-AA-Team
Product-WZone
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33987
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.48%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 13:03
Updated-15 Aug, 2024 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Scripting (XSS) vulnerability in Janobe products

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate', 'YearLevel', 'eventdate', 'events', 'Users' and 'YearLevel' parameters in '/report/index.php'.

Action-Not Available
Vendor-janobe
Product-school_attendence_monitoring_systemschool_event_management_systemSchool Event Management SystemSchool Attendance Monitoring System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33465
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.07% / 22.22%
||
7 Day CHG~0.00%
Published-30 Apr, 2024 | 00:00
Updated-02 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the the thumb/thumb.php component.

Action-Not Available
Vendor-n/amjdm
Product-n/amajordomo
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33993
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.17% / 38.80%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 13:09
Updated-15 Aug, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in /candidate/index.php'.

Action-Not Available
Vendor-janobe
Product-school_event_management_systemSchool Event Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33571
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.27% / 50.50%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 05:12
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VOD Infomaniak plugin <= 1.5.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infomaniak Staff VOD Infomaniak allows Reflected XSS.This issue affects VOD Infomaniak: from n/a through 1.5.6.

Action-Not Available
Vendor-Infomaniak Staff
Product-VOD Infomaniak
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33928
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 38.90%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 07:10
Updated-19 Mar, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CodeBard's Patron Button and Widgets for Patreon plugin <= 2.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon allows Reflected XSS.This issue affects CodeBard's Patron Button and Widgets for Patreon: from n/a through 2.2.0.

Action-Not Available
Vendor-codebardCodeBard
Product-codebard\'s_patron_button_and_widgets_for_patreonCodeBard's Patron Button and Widgets for Patreon
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33986
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.48%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 13:02
Updated-15 Aug, 2024 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Scripting (XSS) vulnerability in Janobe products

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/department/index.php'.

Action-Not Available
Vendor-janobe
Product-school_attendence_monitoring_systemschool_event_management_systemSchool Event Management SystemSchool Attendance Monitoring System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-8281
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.66%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 06:00
Updated-16 Jan, 2026 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Talroo <= 2.4 - Reflected XSS

The WP Talroo WordPress plugin through 2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin and unauthenticated users.

Action-Not Available
Vendor-boybawangUnknown
Product-wp_talrooWP Talroo
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33990
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.29% / 51.73%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 13:06
Updated-15 Aug, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the 'id' and 'view' parameters in '/user/index.php'.

Action-Not Available
Vendor-janobe
Product-school_event_management_systemSchool Event Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33645
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 42.19%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 04:58
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Set Favicon plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eftakhairul Islam & Sirajus Salayhin Easy Set Favicon allows Reflected XSS.This issue affects Easy Set Favicon: from n/a through 1.1.

Action-Not Available
Vendor-Eftakhairul Islam & Sirajus Salayhin
Product-Easy Set Favicon
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33976
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.29% / 51.59%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 10:56
Updated-15 Aug, 2024 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting in Janobe E-Negosyo System

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'id' parameter in '/admin/user/index.php'.

Action-Not Available
Vendor-janobe
Product-young_entrepreneur_e-negosyo_systemE-Negosyo System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33633
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 40.10%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 05:06
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Reflected XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17.

Action-Not Available
Vendor-Piotnetpiotnet
Product-Piotnet Addons For Elementor Propiotnet_forms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33562
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.32% / 54.66%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 05:14
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress XStore theme <= 9.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore allows Reflected XSS.This issue affects XStore: from n/a through 9.3.5.

Action-Not Available
Vendor-8theme8theme
Product-XStorexstore
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34369
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 40.30%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 18:32
Updated-02 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Web Push Notifications – Webpushr plugin <= 4.35.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webpushr Web Push Notifications Webpushr allows Reflected XSS.This issue affects Webpushr: from n/a through 4.35.0.

Action-Not Available
Vendor-Webpushr Web Push Notifications
Product-Webpushr
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33992
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.17% / 38.80%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 13:07
Updated-15 Aug, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/student/index.php'.

Action-Not Available
Vendor-janobe
Product-school_event_management_systemSchool Event Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33977
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.17% / 38.80%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 10:58
Updated-15 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting in Janobe E-Negosyo System

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'view' parameter in /admin/orders/index.php'.

Action-Not Available
Vendor-janobe
Product-young_entrepreneur_e-negosyo_systemE-Negosyo System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33980
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.24% / 46.53%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:05
Updated-15 Aug, 2024 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting in Janobe products

Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/mod_reports/printreport.php'.

Action-Not Available
Vendor-janobe
Product-debit_card_paymentpaypalcredit_cardJanobe PayPalCredit CardDebit Card Payment
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 45
  • 46
  • Next
Details not found