Total
36733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-19770 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie. | |||||
| CVE-2019-9110 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php. | |||||
| CVE-2018-18938 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field. | |||||
| CVE-2018-10313 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 3.5 LOW | 5.4 MEDIUM |
| WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI. | |||||
| CVE-2018-10368 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement. | |||||
| CVE-2019-9109 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php. | |||||
| CVE-2018-17426 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 3.5 LOW | 5.4 MEDIUM |
| WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI. | |||||
| CVE-2018-10311 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI. | |||||
| CVE-2018-17425 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 3.5 LOW | 5.4 MEDIUM |
| WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI. | |||||
| CVE-2018-14512 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings - mail server" screen, the XSS payload is triggered. | |||||
| CVE-2023-31860 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A | 5.4 MEDIUM |
| Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system. | |||||
| CVE-2024-1331 | 1 Wpdarko | 1 Team Members | 2025-05-05 | N/A | 6.1 MEDIUM |
| The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2024-1333 | 1 Wpdarko | 1 Responsive Pricing Table | 2025-05-05 | N/A | 5.4 MEDIUM |
| The Responsive Pricing Table WordPress plugin before 5.1.11 does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2024-1658 | 1 Wpdarko | 1 Grid Shortcodes | 2025-05-05 | N/A | 5.4 MEDIUM |
| The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2023-7085 | 1 Sterlinghamilton | 1 Scalable Vector Graphics \(svg\) | 2025-05-05 | N/A | 5.4 MEDIUM |
| The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | |||||
| CVE-2023-7236 | 1 Backupbolt | 1 Backup Bolt | 2025-05-05 | N/A | 4.7 MEDIUM |
| The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive information. | |||||
| CVE-2024-32342 | 1 Boidcms | 1 Boidcms | 2025-05-05 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter. | |||||
| CVE-2024-32343 | 1 Boidcms | 1 Boidcms | 2025-05-05 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. | |||||
| CVE-2025-32690 | 2025-05-05 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Angelo Mandato PowerPress Podcasting allows DOM-Based XSS.This issue affects PowerPress Podcasting: from n/a through 11.12.5. | |||||
| CVE-2022-35155 | 1 Phpgurukul | 1 Bus Pass Management System | 2025-05-05 | N/A | 6.1 MEDIUM |
| Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter. | |||||