Show filters
13,160 Total Results
Displaying 561-570 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Unknown
CVE-2024-35757
Disclosure Date: June 21, 2024 (last updated June 25, 2024)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 5 Star Plugins Easy Age Verify allows Stored XSS.This issue affects Easy Age Verify: from n/a through 1.8.2.
0
Attacker Value
Unknown
CVE-2024-35769
Disclosure Date: June 21, 2024 (last updated June 25, 2024)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in John West Slideshow SE allows Stored XSS.This issue affects Slideshow SE: from n/a through 2.5.17.
0
Attacker Value
Unknown
CVE-2024-6225
Disclosure Date: June 21, 2024 (last updated June 25, 2024)
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.5 (and 7.5.1 for the Pro version) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
0
Attacker Value
Unknown
CVE-2024-5447
Disclosure Date: June 21, 2024 (last updated June 25, 2024)
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
0
Attacker Value
Unknown
CVE-2024-4970
Disclosure Date: June 21, 2024 (last updated June 25, 2024)
The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
0
Attacker Value
Unknown
CVE-2024-4755
Disclosure Date: June 21, 2024 (last updated June 25, 2024)
The Google CSE WordPress plugin through 1.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
0
Attacker Value
Unknown
CVE-2024-4384
Disclosure Date: June 21, 2024 (last updated July 17, 2024)
The CSSable Countdown WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
0
Attacker Value
Unknown
CVE-2024-4381
Disclosure Date: June 21, 2024 (last updated July 17, 2024)
The CB (legacy) WordPress plugin through 0.9.4.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
0
Attacker Value
Unknown
CVE-2024-6154
Disclosure Date: June 20, 2024 (last updated September 26, 2024)
Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.
The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. Was ZDI-CAN-20450.
0
Attacker Value
Unknown
CVE-2024-37352
Disclosure Date: June 20, 2024 (last updated September 10, 2024)
There is a cross-site scripting vulnerability in the
management UI of Absolute Secure Access prior to version 13.06 that allows
attackers with system administrator permissions to interfere with other system
administrators’ use of the management UI when the second administrator accesses
the vulnerable page. The scope is unchanged, there is no loss of
confidentiality. Impact to system integrity is high, impact to system
availability is none.
0