Tag

#xss

CVE-2023-34412: VDE-2023-029 | CERT@VDE

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower than 7.3.2 allows an authenticated remote attacker to store an arbitrary JavaScript payload on the diagnosis page of the device. That page is loaded immediately after logging in to the device and runs the stored payload, allowing the attacker to read and write browser data and reduce system performance.

CVE-2023-31074: WordPress Extensions for Leaflet Map plugin <= 3.4.1 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in hupe13 Extensions for Leaflet Map plugin <= 3.4.1 versions.

CVE-2023-26530: WordPress Updraft plugin <= 0.6.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paul Kehrer Updraft plugin <= 0.6.1 versions.

CVE-2023-31091: WordPress Dynamically Register Sidebars plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pradeep Singh Dynamically Register Sidebars plugin <= 1.0.1 versions.

CVE-2023-31076: WordPress Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.6 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.6 versions.

CVE-2023-30876: WordPress Dave's WordPress Live Search plugin <= 4.8.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dave Ross Dave's WordPress Live Search plugin <= 4.8.1 versions.

CVE-2023-30874: WordPress GPS Plotter plugin <= 5.1.4 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Steve Curtis, St. Pete Design Gps Plotter plugin <= 5.1.4 versions.

CVE-2023-28622: WordPress Easy Slider Revolution plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Trident Technolabs Easy Slider Revolution plugin <= 1.0.0 versions.

CVE-2023-30877: WordPress XML for Google Merchant Center plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Glazunov XML for Google Merchant Center plugin <= 3.0.1 versions.

CVE-2023-28533: WordPress Cab Grid plugin <= 1.5.15 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in M Williams Cab Grid plugin <= 1.5.15 versions.