Search Results (44417 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-42111 | 1 Liferay | 3 Digital Experience Platform, Dxp, Liferay Portal | 2025-05-13 | 5.4 Medium |
| A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload. | ||||
| CVE-2021-33332 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portlet_configuration_css_web_portlet_PortletConfigurationCSSPortlet_portletResource parameter. | ||||
| CVE-2024-25145 | 1 Liferay | 3 Digital Experience Platform, Dxp, Liferay Portal | 2025-05-13 | 9.6 Critical |
| Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML into the Search Result app's search result if highlighting is disabled by adding any searchable content (e.g., blog, message board message, web content article) to the application. | ||||
| CVE-2024-13225 | 1 Etemplates | 1 Ect Home Page Products | 2025-05-13 | 6.1 Medium |
| The ECT Home Page Products WordPress plugin through 1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-13222 | 1 Marvinlabs | 1 User Messages | 2025-05-13 | 6.1 Medium |
| The User Messages WordPress plugin through 1.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-12275 | 1 Canvasflow | 1 Canvasflow | 2025-05-13 | 6.1 Medium |
| The Canvasflow for WordPress plugin through 1.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-5002 | 1 Plugin-planet | 1 User Submitted Posts | 2025-05-13 | 4.8 Medium |
| The User Submitted Posts WordPress plugin before 20240516 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-5151 | 1 Toolstack | 1 Sully | 2025-05-13 | 7.1 High |
| The SULly WordPress plugin before 4.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-5442 | 1 Imagely | 1 Nextgen Gallery | 2025-05-13 | 5.9 Medium |
| The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-5472 | 1 Holoborodko | 1 Wp Quicklatex | 2025-05-13 | 7.1 High |
| The WP QuickLaTeX WordPress plugin before 3.8.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-5575 | 1 Metaphorcreations | 1 Ditty | 2025-05-13 | 4.7 Medium |
| The Ditty WordPress plugin before 3.1.43 does not sanitise and escape some of its blocks' settings, which could allow high privilege users such as authors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2024-29812 | 1 Wpdeveloper | 1 Reviewx | 2025-05-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS. This issue affects ReviewX: from n/a through 1.6.22. | ||||
| CVE-2024-29811 | 1 Softlabbd | 1 Radio Player | 2025-05-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Radio Player allows Stored XSS. This issue affects Radio Player: from n/a through 2.0.73. | ||||
| CVE-2024-29807 | 1 Dearhive | 1 Dearflip | 2025-05-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive DearFlip allows Stored XSS. This issue affects DearFlip: from n/a through 2.2.26. | ||||
| CVE-2024-29806 | 1 Reservationdiary | 1 Redi Restaurant Reservation | 2025-05-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reservation Diary ReDi Restaurant Reservation allows Reflected XSS. This issue affects ReDi Restaurant Reservation: from n/a through 24.0128. | ||||
| CVE-2024-29805 | 1 Shopup | 1 Shipping With Venipak For Woocommerce | 2025-05-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShopUp Shipping with Venipak for WooCommerce allows Reflected XSS. This issue affects Shipping with Venipak for WooCommerce: from n/a through 1.19.5. | ||||
| CVE-2024-5627 | 1 Tournamatch | 1 Tournamatch | 2025-05-13 | 5.4 Medium |
| The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks. | ||||
| CVE-2024-5644 | 1 Tournamatch | 1 Tournamatch | 2025-05-13 | 5.4 Medium |
| The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-29804 | 1 Heateor | 1 Fancy Comments | 2025-05-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS. This issue affects Fancy Comments WordPress: from n/a through 1.2.14. | ||||
| CVE-2024-6938 | 1 B3log | 1 Siyuan | 2025-05-13 | 3.5 Low |
| A vulnerability has been found in SiYuan 3.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PDF.js of the component PDF Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271993 was assigned to this vulnerability. | ||||