Advanced Vulnerability Search
A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /container_files/public_html/doc/index.html.
Max Base Score
6.1
Published
2023-11-14
Updated
2023-11-20
EPSS
0.05%
DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php.
Max Base Score
5.4
Published
2023-11-13
Updated
2023-11-16
EPSS
0.05%
An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete.
Max Base Score
4.3
Published
2023-11-13
Updated
2023-11-16
EPSS
0.05%
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add
Max Base Score
8.8
Published
2023-11-13
Updated
2023-11-16
EPSS
0.06%
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run
Max Base Score
8.8
Published
2023-11-13
Updated
2023-11-16
EPSS
0.06%
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update.
Max Base Score
8.8
Published
2023-11-14
Updated
2023-11-18
EPSS
0.06%
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus.
Max Base Score
8.8
Published
2023-11-14
Updated
2023-11-17
EPSS
0.06%
An issue was discovered in Click Studios Passwordstate before 9811. Existing users (Security Administrators) could use the System Wide API Key to read or delete private password records when specifically used with the PasswordHistory API endpoint. It is also possible to use the Copy/Move Password Record API Key to Copy/Move private password records.
Max Base Score
4.7
Published
2023-11-13
Updated
2023-11-20
EPSS
0.04%
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin <= 3.1.39 versions.
Max Base Score
7.1
Published
2023-11-13
Updated
2023-11-16
EPSS
0.05%
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Gravity Master Product Enquiry for WooCommerce plugin <= 3.0 versions.
Max Base Score
7.1
Published
2023-11-13
Updated
2023-11-16
EPSS
0.05%
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit Shortcodes Finder plugin <= 1.5.3 versions.
Max Base Score
7.1
Published
2023-11-13
Updated
2023-11-16
EPSS
0.05%
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Anton Bond Additional Order Filters for WooCommerce plugin <= 1.10 versions.
Max Base Score
7.1
Published
2023-11-13
Updated
2023-11-16
EPSS
0.05%
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThemePunch OHG Essential Grid plugin <= 3.1.0 versions.
Max Base Score
7.1
Published
2023-11-14
Updated
2023-11-17
EPSS
0.05%
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Qode Interactive Qi Addons For Elementor plugin <= 1.6.3 versions.
Max Base Score
6.5
Published
2023-11-14
Updated
2023-11-17
EPSS
0.05%
Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround.
Max Base Score
0.0
Published
2023-11-16
Updated
2023-11-16
EPSS
0.06%
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.10.3 versions.
Max Base Score
8.8
Published
2023-11-13
Updated
2023-11-16
EPSS
0.06%
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in edward_plainview Plainview Protect Passwords plugin <= 1.4 versions.
Max Base Score
7.1
Published
2023-11-14
Updated
2023-11-16
EPSS
0.05%
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Wham Product Visibility by Country for WooCommerce plugin <= 1.4.9 versions.
Max Base Score
5.9
Published
2023-11-14
Updated
2023-11-20
EPSS
0.05%
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions.
Max Base Score
6.5
Published
2023-11-14
Updated
2023-11-20
EPSS
0.05%
Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability in actpro Extra Product Options for WooCommerce plugin <= 3.0.3 versions.
Max Base Score
5.9
Published
2023-11-14
Updated
2023-11-17
EPSS
0.05%