Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 38509 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-24508 1 Baicells 6 Nova227, Nova233, Nova243 and 3 more 2024-11-21 N/A 8.1 HIGH
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce. 
CVE-2023-24488 1 Citrix 2 Application Delivery Controller, Gateway 2024-11-21 N/A 6.1 MEDIUM
Cross site scripting vulnerability in Citrix ADC and Citrix Gateway  in allows and attacker to perform cross site scripting
CVE-2023-24420 1 Zestard 1 Admin Side Data Storage For Contact Form 7 2024-11-21 N/A 7.1 HIGH
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zestard Technologies Admin side data storage for Contact Form 7 plugin <= 1.1.1 versions.
CVE-2023-24418 1 Gopiplus 1 Tiny Carousel Horizontal Slider Plus 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny carousel horizontal slider plus plugin <= 3.2 versions.
CVE-2023-24413 1 I13websolution 1 Wordpress Vertical Image Slider 2024-11-21 N/A 7.1 HIGH
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress vertical image slider plugin <= 1.2.16 versions.
CVE-2023-24412 1 Web-settler 1 Image Social Feed 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Image Social Feed plugin <= 1.7.6 versions.
CVE-2023-24411 1 Bnecreative 1 Bne Testimonials 2024-11-21 N/A 6.5 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kerry Kline BNE Testimonials plugin <= 2.0.7 versions.
CVE-2023-24409 1 I13websolution 1 Wp Responsive Tabs Horizontal Vertical And Accordion Tabs 2024-11-21 N/A 7.1 HIGH
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs plugin <= 1.1.15 versions.
CVE-2023-24408 1 Lightspeedhq 1 Ecwid Ecommerce Shopping Cart 2024-11-21 N/A 6.5 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.4 versions.
CVE-2023-24406 1 Simple Popup Project 1 Simple Popup 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb ur Rehman Simple PopUp plugin <= 1.8.6 versions.
CVE-2023-24404 1 Rarathemes 1 Vryasage Marketing Performance 2024-11-21 N/A 7.1 HIGH
Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketing Performance plugin <= 2.0.0 versions.
CVE-2023-24403 1 Wpforthewin 1 Bbpress Voting 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP For The Win bbPress Voting plugin <= 2.1.11.0 versions.
CVE-2023-24402 1 Wpbookingsystem 1 Wp Booking System 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar plugin <= 2.0.18 versions.
CVE-2023-24401 1 Davidsword 1 Mobile Call Now \& Map Buttons 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davidsword Mobile Call Now & Map Buttons plugin <= 1.5.0 versions.
CVE-2023-24400 1 Hu-manity 1 Cookie Notice \& Compliance For Gdpr \/ Ccpa 2024-11-21 N/A 6.5 MEDIUM
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Hu-manity.Co Cookie Notice & Compliance for GDPR / CCPA plugin <= 2.4.6 versions.
CVE-2023-24399 1 Oceanwp 1 Ocean Extra 2024-11-21 N/A 5.5 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin <= 2.1.2 versions.
CVE-2023-24398 1 Snapcreek 1 Ezp Coming Soon Page 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin <= 1.0.7.3 versions.
CVE-2023-24397 1 Reservation 1 Reservation.studio 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions.
CVE-2023-24396 1 Vikwp 1 Vikbooking Hotel Booking Engine \& Pms 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.11 versions.
CVE-2023-24394 1 Iframe Project 1 Iframe 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions.