CVE-2024-4035 CVSS:6.4
The Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.7.7.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. (Last Update:2024-04-25 10:15:09) (Publish Update:2024-04-25 10:15:09)
CVE-2024-3994 CVSS:5.4
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutor_instructor_list' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. (Last Update:2024-04-25 10:15:09) (Publish Update:2024-04-25 10:15:09)
CVE-2024-32961 CVSS:6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Themes HQ Blocksy allows Stored XSS.This issue affects Blocksy: from n/a through 2.0.33. (Last Update:2024-04-25 10:15:09) (Publish Update:2024-04-25 09:16:39)
CVE-2024-4077 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign allows Reflected XSS.This issue affects UDesign: from n/a through 4.7.3. (Last Update:2024-04-25 10:15:10) (Publish Update:2024-04-25 09:15:22)
CVE-2024-30560 CVSS:9.6
Cross-Site Request Forgery (CSRF) vulnerability in 大侠WP DX-Watermark.This issue affects DX-Watermark: from n/a through 1.0.4. (Last Update:2024-04-25 09:15:08) (Publish Update:2024-04-25 09:15:08)
CVE-2024-3988 CVSS:6.4 EPSS:0.05%
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Fancy Text Widget in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. (Last Update:2024-04-25 08:15:08) (Publish Update:2024-04-25 08:15:08)
CVE-2024-3929 CVSS:6.4 EPSS:0.04%
The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Widget Post Overlay block in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. (Last Update:2024-04-25 08:15:08) (Publish Update:2024-04-25 08:15:08)
CVE-2024-2907 CVSS:0.0 EPSS:0.04%
The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). (Last Update:2024-04-25 06:15:59) (Publish Update:2024-04-25 06:15:59)
CVE-2023-20249 CVSS:5.4 EPSS:0.04%
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. (Last Update:2024-04-24 21:15:47) (Publish Update:2024-04-24 21:15:47)
CVE-2023-20248 CVSS:0.0 EPSS:0.04%
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. (Last Update:2024-04-24 21:15:47) (Publish Update:2024-04-24 21:15:47)
This vulnerability list widget is provided by www.cvedetails.com. CVEdetails.com is updated! Visit www.cvedetails.com to see what's new in the new version!