CWE-79 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (43991 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-45004	1 Wp3sixty	1 Woo Custom Emails	2024-11-21	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wp3sixty Woo Custom Emails plugin <= 2.2 versions.
CVE-2023-45003	1 Arrowplugins	1 Social Feed	2024-11-21	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins Social Feed \| Custom Feed for Social Media Networks plugin <= 2.2.0 versions.
CVE-2023-44990	1 Pluginus	1 Wolf - Wordpress Posts Bulk Editor And Products Manager Professional	2024-11-21	5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions.
CVE-2023-44987	1 Gettimely	1 Timely Booking Button	2024-11-21	5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <= 2.0.2 versions.
CVE-2023-44986	1 Tychesoftwares	1 Abandoned Cart Lite For Woocommerce	2024-11-21	5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Abandoned Cart Lite for WooCommerce plugin <= 5.15.2 versions.
CVE-2023-44985	1 Cytechmobile	1 Buddymeet	2024-11-21	6.5 Medium
Auth. (contributo+) Stored Cross-Site Scripting (XSS) vulnerability in Cytech BuddyMeet plugin <= 2.2.0 versions.
CVE-2023-44984	1 Rewweb	1 Bbp Style Pack	2024-11-21	6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin <= 5.6.7 versions.
CVE-2023-44954	1 Bigtreecms	1 Bigtree Cms	2024-11-21	5.4 Medium
Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions.
CVE-2023-44826	1 Easycorp	1 Zentao	2024-11-21	5.4 Medium
Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script.
CVE-2023-44813	1 Moosocial	1 Moosocial	2024-11-21	6.1 Medium
Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function.
CVE-2023-44812	1 Moosocial	1 Moosocial	2024-11-21	6.1 Medium
Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function.
CVE-2023-44796	1 Limesurvey	1 Limesurvey	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component.
CVE-2023-44771	1 Tribalsystems	1 Zenario	2024-11-21	5.4 Medium
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout.
CVE-2023-44770	1 Tribalsystems	1 Zenario	2024-11-21	5.4 Medium
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias.
CVE-2023-44769	1 Tribalsystems	1 Zenario	2024-11-21	5.4 Medium
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias.
CVE-2023-44767	1 Ritecms	1 Ritecms	2024-11-21	4.8 Medium
A File upload vulnerability in RiteCMS 3.0 allows a local attacker to upload a SVG file with XSS content.
CVE-2023-44766	1 Concretecms	1 Concrete Cms	2024-11-21	4.8 Medium
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature.
CVE-2023-44765	1 Concretecms	1 Concrete Cms	2024-11-21	5.4 Medium
A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings.
CVE-2023-44764	1 Concretecms	1 Concrete Cms	2024-11-21	5.4 Medium
A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings).
CVE-2023-44762	1 Concretecms	1 Concrete Cms	2024-11-21	5.4 Medium
A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags.

« first previous Page 1478 of 2200. next last »