CWE-79 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (44413 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-25465	1 Gopiplus	1 Wp-tell-a-friend-popup-form	2025-02-19	5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy wp tell a friend popup form plugin <= 7.1 versions.
CVE-2023-31220	1 Wp-experts	1 Wp-categories-widget	2025-02-19	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP-EXPERTS.IN TEAM WP Categories Widget plugin <= 2.2 versions.
CVE-2023-40206	1 Hwk	1 Wp 404 Auto Redirect To Similar Post	2025-02-19	5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in hwk-fr WP 404 Auto Redirect to Similar Post plugin <= 1.0.3 versions.
CVE-2023-30497	1 Simonchuang	1 Wp Line Notify	2025-02-19	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Simon Chuang WP LINE Notify plugin <= 1.4.4 versions.
CVE-2023-40663	1 Rextheme	1 Wp Vr	2025-02-19	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rextheme WP VR plugin <= 8.3.4 versions.
CVE-2023-30471	1 Cornelraiu	1 Wp Search Analytics	2025-02-19	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cornel Raiu WP Search Analytics plugin <= 1.4.7 versions.
CVE-2023-41662	1 Ulfbenjaminsson	1 Wp-dtree	2025-02-19	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions.
CVE-2023-41663	1 Undolog	1 Wp Bannerize Pro	2025-02-19	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Giovambattista Fazioli WP Bannerize Pro plugin <= 1.6.9 versions.
CVE-2023-44479	1 Krillwebdesign	1 Wp-jump-menu	2025-02-19	5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jim Krill WP Jump Menu plugin <= 3.6.4 versions.
CVE-2023-41859	1 Tychesoftwares	1 Order Delivery Date For Wp E-commerce	2025-02-19	5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions.
CVE-2023-44266	1 Wpadminify	1 Wp Adminify	2025-02-19	5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jewel Theme WP Adminify plugin <= 3.1.6 versions.
CVE-2024-13390			2025-02-19	6.4 Medium
The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'adfo_list' shortcode in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2023-45747	1 Syedbalkhi	1 Wp Lightbox 2	2025-02-19	5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Syed Balkhi WP Lightbox 2 plugin <= 3.0.6.5 versions.
CVE-2023-45769	1 Alexraven	1 Wp Report Post	2025-02-19	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alex Raven WP Report Post plugin <= 2.1.2 versions.
CVE-2023-45770	1 Fastwpspeed	1 Fast Wp Speed	2025-02-19	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fastwpspeed Fast WP Speed plugin <= 1.0.0 versions.
CVE-2023-46088	1 Paymentsplugin	1 Wp Full Stripe Free	2025-02-19	5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology WP Full Stripe Free plugin <= 1.6.1 versions.
CVE-2023-51219			2025-02-19	9.6 Critical
A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access token could be used to take over another user's account and read her/his chat messages.
CVE-2023-28435	1 Dataease	1 Dataease	2025-02-19	6.5 Medium
Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface is not checked so users who are not logged in can upload directly to the background. The file type also goes unchecked, users could upload any type of file. These vulnerabilities has been fixed in version 1.18.5.
CVE-2024-55228	1 Dolibarr	1 Dolibarr Erp\/crm	2025-02-19	9 Critical
A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.
CVE-2024-55227	1 Dolibarr	1 Dolibarr Erp\/crm	2025-02-19	9 Critical
A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.

« first previous Page 1220 of 2221. next last »