Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 177968 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2023-47811 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Suresh KUMAR Mukhiya Anywhere Flash Embed plugin <= 1.0.5 versions. -- Nov 28, 2023 n/a
CVE-2023-47810 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Asdqwe Dev Ajax Domain Checker plugin <= 1.3.0 versions. -- Nov 28, 2023 n/a
CVE-2023-47809 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Themepoints Accordion plugin <= 2.6 versions. -- Nov 28, 2023 n/a
CVE-2023-47808 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Christina Uechi Add Widgets to Page plugin <= 1.3.2 versions. -- Nov 28, 2023 n/a
CVE-2023-47797 Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter. -- Nov 23, 2023 n/a
CVE-2023-47792 Cross-Site Request Forgery (CSRF) vulnerability in Infinite Uploads Big File Uploads – Increase Maximum File Upload Size plugin <= 2.1.1 versions. -- Nov 22, 2023 n/a
CVE-2023-47791 Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions. -- Nov 27, 2023 n/a
CVE-2023-47790 Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in Poporon Pz-LinkCard plugin <= 2.4.8 versions. -- Nov 28, 2023 n/a
CVE-2023-47786 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in LayerSlider plugin <= 7.7.9 versions. -- Nov 24, 2023 n/a
CVE-2023-47785 Cross-Site Request Forgery (CSRF) vulnerability in LayerSlider plugin <= 7.7.9 versions. -- Nov 27, 2023 n/a
CVE-2023-47781 Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Theme Builder < 3.24.2 versions. -- Nov 22, 2023 n/a
CVE-2023-47775 Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.11 versions. -- Nov 27, 2023 n/a
CVE-2023-47773 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions. -- Nov 24, 2023 n/a
CVE-2023-47772 Contributor+ Stored Cross-Site Scripting (XSS) vulnerability in Slider Revolution <= 6.6.14. -- Nov 27, 2023 n/a
CVE-2023-47768 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Russell Jamieson Footer Putter plugin <= 1.17 versions. -- Nov 28, 2023 n/a
CVE-2023-47767 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions. -- Nov 28, 2023 n/a
CVE-2023-47766 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Timo Reith Post Status Notifier Lite plugin <= 1.11.0 versions. -- Nov 28, 2023 n/a
CVE-2023-47765 Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard\'s Patron Button and Widgets for Patreon plugin <= 2.1.9 versions. -- Nov 27, 2023 n/a
CVE-2023-47759 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Premio Chaty plugin <= 3.1.2 versions. -- Nov 24, 2023 n/a
CVE-2023-47758 Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form plugin <= 1.7.11 versions. -- Nov 27, 2023 n/a
CVE-2023-47757 Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery.This issue affects AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth: from n/a through 7.3.9. -- Nov 25, 2023 n/a
CVE-2023-47755 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in AazzTech WooCommerce Product Carousel Slider plugin <= 3.3.5 versions. -- Nov 22, 2023 n/a
CVE-2023-47685 Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix.This issue affects Preloader Matrix: from n/a through 2.0.1. -- Nov 24, 2023 n/a
CVE-2023-47675 CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. -- Nov 22, 2023 n/a
CVE-2023-47672 Cross-Site Request Forgery (CSRF) vulnerability in Swashata WP Category Post List Widget.This issue affects WP Category Post List Widget: from n/a through 2.0.3. -- Nov 24, 2023 n/a
CVE-2023-47671 Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy Vertical scroll recent.This issue affects Vertical scroll recent post: from n/a through 14.0. -- Nov 24, 2023 n/a
CVE-2023-47670 Cross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Korea SNS.This issue affects Korea SNS: from n/a through 1.6.3. -- Nov 24, 2023 n/a
CVE-2023-47668 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin – Restrict Content plugin <= 3.2.7 versions. -- Nov 24, 2023 n/a
CVE-2023-47667 Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Full Stripe Free.This issue affects WP Full Stripe Free: from n/a through 7.0.16. -- Nov 24, 2023 n/a
CVE-2023-47666 Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets.This issue affects Code Snippets: from n/a through 3.5.0. -- Nov 24, 2023 n/a
CVE-2023-47664 Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview Plainview Protect Passwords.This issue affects Plainview Protect Passwords: from n/a through 1.4. -- Nov 24, 2023 n/a
CVE-2023-47655 Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi ANAC XML Bandi di Gara.This issue affects ANAC XML Bandi di Gara: from n/a through 7.5. -- Nov 27, 2023 n/a
CVE-2023-47651 Cross-Site Request Forgery (CSRF) vulnerability in Robert Macchi WP Links Page.This issue affects WP Links Page: from n/a through 4.9.4. -- Nov 27, 2023 n/a
CVE-2023-47650 Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Add Local Avatar.This issue affects Add Local Avatar: from n/a through 12.1. -- Nov 27, 2023 n/a
CVE-2023-47649 Cross-Site Request Forgery (CSRF) vulnerability in PriceListo Best Restaurant Menu by PriceListo.This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.3.1. -- Nov 25, 2023 n/a
CVE-2023-47644 Cross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.6.6. -- Nov 25, 2023 n/a
CVE-2023-47643 SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire attack surface of the API, including sensitive fields such as UserHash. This issue is patched in version 8.4.2. There are no known workarounds. -- Nov 21, 2023 n/a
CVE-2023-47556 Cross-Site Request Forgery (CSRF) vulnerability in James Mehorter Device Theme Switcher.This issue affects Device Theme Switcher: from n/a through 3.0.2. -- Nov 24, 2023 n/a
CVE-2023-47553 Cross-Site Request Forgery (CSRF) vulnerability in User Local Inc UserHeat Plugin.This issue affects UserHeat Plugin: from n/a through 1.1.6. -- Nov 24, 2023 n/a
CVE-2023-47552 Cross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Image Hover Effects – WordPress Plugin.This issue affects Image Hover Effects – WordPress Plugin: from n/a through 5.5. -- Nov 24, 2023 n/a
CVE-2023-47551 Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. -- Nov 24, 2023 n/a
CVE-2023-47531 Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Dark Mode.This issue affects Droit Dark Mode: from n/a through 1.1.2. -- Nov 24, 2023 n/a
CVE-2023-47529 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeIsle Cloud Templates & Patterns collection.This issue affects Cloud Templates & Patterns collection: from n/a through 1.2.2. -- Nov 24, 2023 n/a
CVE-2023-47519 Cross-Site Request Forgery (CSRF) vulnerability in WC Product Table WooCommerce Product Table Lite.This issue affects WooCommerce Product Table Lite: from n/a through 2.6.2. -- Nov 24, 2023 n/a
CVE-2023-47503 An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module. -- Nov 28, 2023 n/a
CVE-2023-47467 Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure. -- Nov 22, 2023 n/a
CVE-2023-47437 A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious java script. -- Nov 28, 2023 n/a
CVE-2023-47417 Cross Site Scripting (XSS) vulnerability in the component /shells/embedder.html of DZSlides after v2011.07.25 allows attackers to execute arbitrary code via a crafted payload. -- Nov 28, 2023 n/a
CVE-2023-47393 An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors. -- Nov 22, 2023 n/a
CVE-2023-47392 An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request. -- Nov 22, 2023 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online