Tag

#xss

CVE-2023-22716: WordPress OOPSpam Anti-Spam plugin <= 1.1.35 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.35 versions.

CVE-2023-22715: WordPress WP-CommentNavi plugin <= 1.12.1 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Lester 'GaMerZ' Chan WP-CommentNavi plugin <= 1.12.1 versions.

CVE-2023-23650: WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 - Subscriber+ Stored Cross-Site Scripting Vulnerability - Patchstack

Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in MainWP MainWP Code Snippets Extension plugin <= 4.0.2 versions.

CVE-2023-22712: WordPress TemplatesNext ToolKit plugin <= 3.2.7 - Cross Site Scripting (XSS) - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TemplatesNext TemplatesNext ToolKit plugin <= 3.2.7 versions.

CVE-2023-22704: WordPress teachPress plugin <= 8.1.8 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 8.1.8 versions.

CVE-2022-45843: WordPress Smart Slider 3 <= 3.5.1.9 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Nextend Smart Slider 3 plugin <= 3.5.1.9 versions.

CVE-2022-44742: WordPress Community Events plugin <= 1.4.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting vulnerability in Yannick Lefebvre Community Events plugin <= 1.4.8 versions.

CVE-2023-28422: WordPress Event Manager for WooCommerce plugin <= 3.8.6 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce <= 3.8.6 versions.

CVE-2022-47431: WordPress Open RDW kenteken voertuiginformatie plugin <= 2.0.14 - Cross Site Scripting (XSS) - Patchstack

Reflected Cross-Site Scripting (XSS) vulnerability in Tussendoor internet & marketing Open RDW kenteken voertuiginformatie plugin <= 2.0.14 versions.

SAUTER EY-modulo 5 Building Automation Stations

1. EXECUTIVE SUMMARY

CVSS v3 8.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: SAUTER
Equipment: EY-modulo 5 Building Automation Stations
Vulnerabilities: Cross-site Scripting, Cleartext Transmission of Sensitive Information, and Unrestricted Upload of File with Dangerous Type

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could lead to privilege escalation, unauthorized execution of actions, a denial-of-service condition, or retrieval of sensitive information.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

SAUTER reports these vulnerabilities affect the following EY-modulo 5 Building Automation Stations:

EY-AS525F001 with moduWeb

3.2 VULNERABILITY OVERVIEW

3.2.1 CROSS-SITE SCRIPTING CWE-79

An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. If clicked, the attacker could execute the malicious JavaScript (JS) payload in the target’s security context.

CVE-2023-28650 has been assi...