High
CVE-2024-50533
Cross-Site Request Forgery (CSRF) vulnerability in David Garcia Domain Sharding domain-sharding allows Stored XSS.This issue affects Domain Sharding: from n/a through <= 1.2.1.
Tag: Stored XSS
All CVEs associated with "Stored XSS". Page 23/45 • 5376 CVEs.
Subscribe CVEs: RSS for “Stored XSS” · RSS (High+Critical only)
About “Stored XSS”
A curated feed of “Stored XSS”-related CVEs appears below. We currently track 5376 CVEs for this tag (all time). In the last 365 days, 1195 were published. Average CVSS is 6.2 (all time; 6.4 over 365d), and 18% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2024-11-19
Medium
CVE-2024-50518
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Common Ninja Pricer Ninja pricer-ninja-pricing-tables allows Stored XSS.This issue affects Pricer…
Medium
CVE-2024-50517
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IDSK team ID-SK Toolkit idsk-toolkit allows Stored XSS.This issue affects ID-SK Toolkit: from n/a…
Medium
CVE-2024-50516
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adamskaat Countdown & Clock countdown-builder allows Stored XSS.This issue affects Countdown & Cl…
Medium
CVE-2024-50515
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kevin Stover Ninja Forms ninja-forms allows Stored XSS.This issue affects Ninja Forms: from n/a t…
Medium
CVE-2024-50514
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kevin Stover Ninja Forms ninja-forms allows Stored XSS.This issue affects Ninja Forms: from n/a t…
Medium
CVE-2024-50513
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post allows Stored XSS.This issue affects PostX: from n/a through <= 4.1.15.
Medium
CVE-2024-10103
In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which e…
2024-11-18
Medium
CVE-2024-52340
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MartyThornley Photographer Connections photographer-connections allows Stored XSS.This issue affe…
Medium
CVE-2024-52339
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maximilian Ruthe Mage Front End Forms mage-forms allows Stored XSS.This issue affects Mage Front…
Medium
CVE-2024-52394
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in verkkovaraani Print PDF Generator and Publisher nopeamedia allows Stored XSS.This issue affects P…
Medium
CVE-2024-52389
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpjobportal WP Job Portal wp-job-portal allows Stored XSS.This issue affects WP Job Portal: from…
Medium
CVE-2024-52347
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpwebsitecreator Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera wp-websi…
Medium
CVE-2024-52346
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JavierMendezPWG SimpleGMaps simplegmaps allows Stored XSS.This issue affects SimpleGMaps: from n/…
Medium
CVE-2024-52345
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RobertoAlicata ra_qrcode ra-qrcode allows Stored XSS.This issue affects ra_qrcode: from n/a throu…
Medium
CVE-2024-52344
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeies Pvt Ltd Provide Forex Signals provide-forex-signals allows Stored XSS.This issue affects…
Medium
CVE-2024-52343
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Offshorent Solutions Pvt Ltd OS Pricing Tables os-pricing-tables allows Stored XSS.This issue aff…
Medium
CVE-2024-52342
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Offshorent Solutions Pvt Ltd OS BXSlider os-bxslider allows Stored XSS.This issue affects OS BXSl…
Medium
CVE-2024-52341
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Offshorent Solutions Pvt Ltd OS Our Team os-our-team allows Stored XSS.This issue affects OS Our…
Medium
CVE-2024-52425
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladislav Urchenko Drozd – Addons for Elementor drozd-addons-for-elementor allows Stored XSS.This…
High
CVE-2024-52424
Cross-Site Request Forgery (CSRF) vulnerability in sureshdsk wp-login customizer wp-login-customizer allows Stored XSS.This issue affects wp-login customizer: from n/a through <= 1.0.
Medium
CVE-2024-52423
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Builder themify-builder allows Stored XSS.This issue affects Themify Builder: f…
Medium
CVE-2024-52422
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry L. WP Githuber MD wp-githuber-md allows Stored XSS.This issue affects WP Githuber MD: from…
Medium
CVE-2024-52419
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clipboard Agency Copy Anything to Clipboard copy-the-code allows Stored XSS.This issue affects Co…
Medium
CVE-2024-9526
There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The de…
2024-11-15
Medium
CVE-2024-45611
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can bypass the access control…
2024-11-14
High
CVE-2024-51679
Cross-Site Request Forgery (CSRF) vulnerability in gentlesource Appointmind appointmind allows Stored XSS.This issue affects Appointmind: from n/a through <= 4.0.0.
High
CVE-2024-51659
Cross-Site Request Forgery (CSRF) vulnerability in GeekRMX Twitter @Anywhere Plus twitter-anywhere-plus allows Stored XSS.This issue affects Twitter @Anywhere Plus: from n/a through <= 2.0.
High
CVE-2024-51658
Cross-Site Request Forgery (CSRF) vulnerability in Henrik Hoff WP Course Manager wp-course-manager allows Stored XSS.This issue affects WP Course Manager: from n/a through <= 1.3.
High
CVE-2024-51687
Cross-Site Request Forgery (CSRF) vulnerability in Platform.ly Platform.ly Official platformly allows Stored XSS.This issue affects Platform.ly Official: from n/a through <= 1.1.3.
High
CVE-2024-51684
Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu W3P SEO wp-perfect-plugin allows Stored XSS.This issue affects W3P SEO: from n/a through < 1.8.6.
High
CVE-2024-51688
Cross-Site Request Forgery (CSRF) vulnerability in fraudlabspro FraudLabs Pro SMS Verification fraudlabs-pro-sms-verification allows Stored XSS.This issue affects FraudLabs Pro SMS Verification: from…
2024-11-13
Medium
CVE-2024-45879
The file upload function in the "QWKalkulation" tool of baltic-it TOPqw Webportal v1.35.287.1 (fixed in version 1.35.291), in /Apps/TOPqw/QWKalkulation/QWKalkulation.aspx, is vulnerable to Cross-Site…
2024-11-12
High
CVE-2024-10923
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ ALM Octane Management allows Stored XSS. The vulnerability could result in a rem…
2024-11-11
Medium
CVE-2024-52354
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cool Plugins Web Stories Widgets For Elementor shortcodes-for-amp-web-stories-and-elementor-widge…
Medium
CVE-2024-52351
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BU Web Team BU Slideshow bu-slideshow allows Stored XSS.This issue affects BU Slideshow: from n/a…
Medium
CVE-2024-52357
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lqd LIQUID BLOCKS liquid-blocks allows Stored XSS.This issue affects LIQUID BLOCKS: from n/a thro…
Medium
CVE-2024-52356
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons the-pack-addon allows Stored XSS.This issue affects The Pack E…
Medium
CVE-2024-51575
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md. Abdullah Al Masum Extender All In One For Elementor extender-all-in-one-for-elementor allows…
Medium
CVE-2024-51574
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Goods Simple Goods simple-goods allows Stored XSS.This issue affects Simple Goods: from n/…
Medium
CVE-2024-51573
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ersatzpole ML Responsive Audio player with playlist Shortcode mlr-audio allows Stored XSS.This is…
Medium
CVE-2024-51572
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shawfactor LH QR Codes lh-qr-codes allows Stored XSS.This issue affects LH QR Codes: from n/a thr…
2024-11-10
Medium
CVE-2024-51576
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpza AMP Img Shortcode amp-img-shortcode allows Stored XSS.This issue affects AMP Img Shortcode:…
Medium
CVE-2024-51578
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lpagg 3D Presentation 3d-presentation allows Stored XSS.This issue affects 3D Presentation: from…
Medium
CVE-2024-51577
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in neville.lugton bpmn.io bpmnio allows Stored XSS.This issue affects bpmn.io: from n/a through <= 1…
Medium
CVE-2024-51583
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginsPoint Kento Ads Rotator kento-ads-rotator allows Stored XSS.This issue affects Kento Ads R…
Medium
CVE-2024-51581
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Restaurant & Cafe Addon for Elementor restaurant-cafe-addon-for-elementor allows Stor…
Medium
CVE-2024-51580
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zootemplate Clever Addons for Elementor cafe-lite allows Stored XSS.This issue affects Clever Add…
2024-11-09
Medium
CVE-2024-51610
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in seothemes Display Terms Shortcode display-terms-shortcode allows Stored XSS.This issue affects Di…
Medium
CVE-2024-51609
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aakif Kadiwala Emoji Shortcode emoji-shortcode allows Stored XSS.This issue affects Emoji Shortco…
Medium
CVE-2024-51599
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in russell.albin Simple Business Manager simple-business-manager allows Stored XSS.This issue affect…
Medium
CVE-2024-51597
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeshark ThemeShark Templates & Widgets for Elementor themeshark-elementor allows Stored XSS.Th…
Medium
CVE-2024-51596
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nilesh Shiragave Business business allows Stored XSS.This issue affects Business: from n/a throug…
Medium
CVE-2024-51595
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKSDEV SKSDEV Toolkit sksdev-toolkit allows Stored XSS.This issue affects SKSDEV Toolkit: from n/…
Medium
CVE-2024-51594
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rafel.sanso Gmap Point List gmap-point-list allows Stored XSS.This issue affects Gmap Point List:…
Medium
CVE-2024-51593
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Glopium Курс валют UAH ukrainian-currency allows Stored XSS.This issue affects Курс валют UAH: fr…
Medium
CVE-2024-51587
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softfirm Definitive Addons for Elementor definitive-addons-for-elementor allows Stored XSS.This i…
Medium
CVE-2024-51586
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in camilluskillus Elementary Addons elementary-addons allows Stored XSS.This issue affects Elementar…
Medium
CVE-2024-51585
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Sales Page Addon – Elementor & Beaver Builder sales-page-addon allows Stored XSS.This…
Medium
CVE-2024-51668
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mtilly MyCurator Content Curation mycurator allows Stored XSS.This issue affects MyCurator Conten…
Medium
CVE-2024-51664
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in markkinchin Beds24 Online Booking beds24-online-booking allows Stored XSS.This issue affects Beds…
Medium
CVE-2024-51663
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricksable Bricksable for Bricks Builder bricksable allows Stored XSS.This issue affects Bricksab…
High
CVE-2024-51647
Cross-Site Request Forgery (CSRF) vulnerability in Chaser324 Featured Posts Scroll allows Stored XSS.This issue affects Featured Posts Scroll: from n/a through 1.25.
High
CVE-2024-51630
Cross-Site Request Forgery (CSRF) vulnerability in Lars Schenk Responsive Flickr Gallery responsive-flickr-gallery allows Stored XSS.This issue affects Responsive Flickr Gallery: from n/a through <=…
Medium
CVE-2024-51627
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kaedinger Audio Comparison Lite audio-comparison-lite allows Stored XSS.This issue affects Audio…
Medium
CVE-2024-51622
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-EXPERTS.IN WP EASY RECIPE wp-easy-recipe allows Stored XSS.This issue affects WP EASY RECIPE:…
Medium
CVE-2024-51618
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Custom Admin Menu custom-admin-menu allows Stored XSS.This issue affects Custom Admin Men…
Medium
CVE-2024-51616
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rupok AwesomePress awesomepress allows Stored XSS.This issue affects AwesomePress: from n/a throu…
Medium
CVE-2024-51614
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aajoda Aajoda Testimonials aajoda-testimonials allows Stored XSS.This issue affects Aajoda Testim…
Medium
CVE-2024-51613
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bidbud TradeMe widgets trademe-widget allows Stored XSS.This issue affects TradeMe widgets: from…
Medium
CVE-2024-51612
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designerken Reftagger Shortcode reftagger-shortcode allows Stored XSS.This issue affects Reftagge…
Medium
CVE-2024-51611
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Miguel Peixe WP Feature Box wp-feature-box allows Stored XSS.This issue affects WP Feature Box: f…
Medium
CVE-2024-51670
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomSky JS Help Desk js-support-ticket allows Stored XSS.This issue affects JS Help Desk: from n/…
High
CVE-2024-51761
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zackgilbert WPHelpful wphelpful allows Stored XSS.This issue affects WPHelpful: from n/a through…
Medium
CVE-2024-51787
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite allows Stored XSS.This issue af…
Medium
CVE-2024-51786
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bestweblayout Realty by BestWebSoft realty allows Stored XSS.This issue affects Realty by BestWeb…
High
CVE-2024-51782
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sanjay Prasad Loginplus loginplus allows Stored XSS.This issue affects Loginplus: from n/a throug…
2024-11-06
Medium
CVE-2024-20539
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability…
Medium
CVE-2024-20487
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability…
2024-11-04
Medium
CVE-2024-51685
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Gangolf Accordion title for Elementor allows Stored XSS.This issue affects Accordi…
Medium
CVE-2024-51683
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Custom post type templates for Elementor custom-post-type-templates-for-elementor allows…
Medium
CVE-2024-51682
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Builder – WordPress Theme Builder for Elementor ht-builder allows Stored XSS.This is…
Medium
CVE-2024-51681
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs wp-pocket-urls allows Stored XSS.This issue affects WP Pocket URLs:…
Medium
CVE-2024-51680
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrestaProject Cresta Addons for Elementor cresta-addons-for-elementor allows Stored XSS.This issu…
Medium
CVE-2024-51678
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcel Pol Elo Rating Shortcode elo-rating-shortcode allows Stored XSS.This issue affects Elo Rat…
Medium
CVE-2024-51677
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Knowledge Base knowledgebase allows Stored XSS.This issue affects Knowledge Base: from n/a t…
2024-11-01
Medium
CVE-2024-43211
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS.This issue affects MailChimp Subscribe For…
High
CVE-2024-38744
Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS.This issue affects Plum: Spin Wheel & Email P…
Medium
CVE-2024-37214
Missing Authorization vulnerability in Dropshipping Guru Ali2Woo Lite Exploiting Incorrectly Configured Access Control Security Levels, Stored XSS.This issue affects Ali2Woo Lite: from n/a through 3.…
2024-10-31
Critical
CVE-2024-42515
Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters (e.g., <>), the underlying library converts these encoded character…
Medium
CVE-2024-43933
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amauri WPMobile.App wpappninja allows Stored XSS.This issue affects WPMobile.App: from n/a throug…
2024-10-30
Medium
CVE-2024-31975
EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable field is executed when the user c…
Medium
CVE-2024-31973
Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via the 'Network Name (SSID)' input fields to the /index.html#wireless…
Medium
CVE-2024-31972
EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct stored XSS attacks that could lead to arbitrary JavaScript code execution (under the context of the user's session) via the Wi-F…
2024-10-29
Medium
CVE-2024-49667
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asaduzzaman Abir Local Business Addons For Elementor map-addons-for-elementor-waze-map allows Sto…
Medium
CVE-2024-49665
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Web Bricks Web Bricks Addons for Elementor allows Stored XSS.This issue affects Web Bricks…
Medium
CVE-2024-50410
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Namaste! LMS namaste-lms allows Stored XSS.This issue affects Namaste! LMS: from n/a through…
Medium
CVE-2024-50409
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Namaste! LMS namaste-lms allows Stored XSS.This issue affects Namaste! LMS: from n/a through…
Medium
CVE-2024-49692
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPCenter AffiliateX affiliatex allows Stored XSS.This issue affects AffiliateX: from n/a through…
Medium
CVE-2024-49679
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpkoithemes WPKoi Templates for Elementor wpkoi-templates-for-elementor allows Stored XSS.This is…
High
CVE-2024-49672
Cross-Site Request Forgery (CSRF) vulnerability in giffordcheung Google Docs RSVP google-docs-rsvp-guestlist allows Stored XSS.This issue affects Google Docs RSVP: from n/a through <= 2.0.1.
Medium
CVE-2024-50426
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a thr…
Medium
CVE-2024-50415
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pagup Ads.txt & App-ads.txt Manager for WordPress app-ads-txt allows Stored XSS.This issue affect…
Medium
CVE-2024-50414
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Buttonizer Button contact VR button-contact-vr allows Stored XSS.This issue affects Button contac…
Medium
CVE-2024-50413
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta allows Stored…
Medium
CVE-2024-50412
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jules Colle Conditional Fields for Contact Form 7 cf7-conditional-fields allows Stored XSS.This i…
Medium
CVE-2024-50411
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows Stored XSS.This issue affects W…
2024-10-28
Medium
CVE-2024-51509
Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored XSS payload in the Name.
Medium
CVE-2024-51508
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index.
Medium
CVE-2024-51507
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name.
Medium
CVE-2024-51506
Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description.
Medium
CVE-2024-50437
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paolo GeoDirectory geodirectory allows Stored XSS.This issue affects GeoDirectory: from n/a throu…
Medium
CVE-2024-50431
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cloudways Breeze breeze allows Stored XSS.This issue affects Breeze: from n/a through <= 2.1.14.
Medium
CVE-2024-50467
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in siteengineai Scrollbar by webxapp – Best vertical/horizontal scrollbars plugin scrollbar-by-webxa…
Medium
CVE-2024-50462
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in html5maps Interactive World Map interactive-world-map allows Stored XSS.This issue affects Intera…
Medium
CVE-2024-50461
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper EmbedPress embedpress allows Stored XSS.This issue affects EmbedPress: from n/a throu…
Medium
CVE-2024-50460
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firelight Firelight Lightbox easy-fancybox allows Stored XSS.This issue affects Firelight Lightbo…
Medium
CVE-2024-50458
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP CodeUs Advanced Sermons advanced-sermons allows Stored XSS.This issue affects Advanced Sermons…
Medium
CVE-2024-50449
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RedefiningTheWeb PDF Generator Addon for Elementor Page Builder pdf-generator-addon-for-elementor…
Medium
CVE-2024-50447
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce envo-elementor-for-woocommerce al…