XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Home Assistant is open source home automation software. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N.O.U.S. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in datafeedr.Com Ads by datafeedr.Com allows Stored XSS.Com: from n/a through 1.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in formzu Inc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Till Krüss Email Address Encoder allows Stored XSS.0.22. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Kaifa Technology WebITR is an online attendance system, it has insufficient validation for user input within a special function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS - eLearning and online course solution allows Stored XSS.2.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic GDPR Cookie Consent by Supsystic allows Stored XSS.1.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode allows Stored XSS.5.6. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ternstyle LLC Automatic Youtube Video Posts Plugin allows Stored XSS.2.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Parallax Slider Block allows Stored XSS.2.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP Event Manager - Events Calendar, Registrations, Sell Tickets with WooCommerce. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kreativo Pro KP Fastest Tawk.To Chat allows Stored XSS.To Chat: from n/a through 1.1.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.4.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Real Big Plugins Client Dash allows Stored XSS.2.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Stored XSS.2.24. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gift Cards for WordPress and WooCommerce.21.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.