Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6122 | 1 Softomi | 1 Advanced C2c Marketplace Software | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Gelişmiş C2C Pazaryeri Yazılımı allows Reflected XSS. This issue affects Softomi Gelişmiş C2C Pazaryeri Yazılımı: before 12122023.
|
|||||
| CVE-2023-6103 | 1 Intelbras | 2 Rx 1500, Rx 1500 Firmware | 2024-11-21 | 3.3 LOW | 2.4 LOW |
|
A vulnerability has been found in Intelbras RX 1500 1.1.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /WiFi.html of the component SSID Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245065 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way ...
|
|||||
| CVE-2023-6098 | 1 Icssolution | 1 Ics Business Manager | 2024-11-21 | N/A | 6.3 MEDIUM |
|
An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. A remote attacker could send a specially crafted string exploiting the obdd_act parameter, allowing the attacker to steal an authenticated user's session, and perform actions within the application.
|
|||||
| CVE-2023-6082 | 1 Chartjs Project | 1 Chartjs | 2024-11-21 | N/A | 5.4 MEDIUM |
|
The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
|
|||||
| CVE-2023-6075 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file index.php of the component Reservation Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244944.
|
|||||
| CVE-2023-6072 | 1 Trellix | 1 Central Management System | 2024-11-21 | N/A | 4.6 MEDIUM |
|
A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard.
|
|||||
| CVE-2023-6033 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 8.7 HIGH |
|
Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3, allows an attacker to execute JavaScript in a victim's browser.
|
|||||
| CVE-2023-6028 | 1 Br-automation | 1 Automation Runtime | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session.
|
|||||
| CVE-2023-6027 | 1 Elijaa | 1 Phpmemcachedadmin | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled entries in the "/pmcadmin/configure.php" parameter.
|
|||||
| CVE-2023-6013 | 1 H2o | 1 H2o | 2024-11-21 | N/A | 5.4 MEDIUM |
|
H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack.
|
|||||
| CVE-2023-6011 | 1 Dece | 1 Geodi | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DECE Software Geodi allows Stored XSS. This issue affects Geodi: before 8.0.0.27396.
|
|||||
| CVE-2023-6002 | 1 Yugabyte | 1 Yugabytedb | 2024-11-21 | N/A | 6.5 MEDIUM |
|
YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing unvalidated user input to log files can allow an unprivileged attacker to forge log entries or inject malicious content into the logs.
|
|||||
| CVE-2023-5988 | 1 Uyumsoft | 1 Lioxerp | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies LioXERP allows Reflected XSS. This issue affects LioXERP: before v.146.
|
|||||
| CVE-2023-5987 | 1 Schneider-electric | 1 Ecostruxure Power Monitoring Expert | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload.
|
|||||
| CVE-2023-5985 | 1 Schneider-electric | 4 Ion8650, Ion8650 Firmware, Ion8800 and 1 more | 2024-11-21 | N/A | 4.8 MEDIUM |
|
A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system values.
|
|||||
| CVE-2023-5955 | 1 Codepeople | 1 Contact Form Email | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
|
|||||
| CVE-2023-5950 | 1 Rapid7 | 1 Velociraptor | 2024-11-21 | N/A | 8.6 HIGH |
|
Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1).
|
|||||
| CVE-2023-5946 | 1 Evarisk | 1 Digirisk | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'current_group_id' parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
|
|||||
| CVE-2023-5942 | 1 Drelton | 1 Medialist | 2024-11-21 | N/A | 5.4 MEDIUM |
|
The Medialist WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
|
|||||
| CVE-2023-5940 | 1 Wpajans | 1 Wp Not Login Hide | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The WP Not Login Hide (WPNLH) WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
|
|||||
| CVE-2023-5933 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 6.4 MEDIUM |
|
An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests.
|
|||||
| CVE-2023-5930 | 1 Simple Student Information System Project | 1 Simple Student Information System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in Campcodes Simple Student Information System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/students/manage_academic.php. The manipulation of the argument student_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-244330 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-5917 | 1 Phpbb | 1 Phpbb | 2024-11-21 | 3.3 LOW | 2.4 LOW |
|
A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.3.11 is able to address this issue. The patch is named ccf6e6c255d38692d72fcb613b113e6eaa240aac. It is recommended to upgrade the affected component. The assoc ...
|
|||||
| CVE-2023-5914 | 1 Cloud | 1 Citrix Storefront | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site scripting (XSS)
|
|||||
| CVE-2023-5910 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 2.1 LOW | 2.6 LOW |
|
A vulnerability was found in PopojiCMS 2.0.1 and classified as problematic. This issue affects some unknown processing of the file install.php of the component Web Config. The manipulation of the argument Site Title with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-244229 ...
|
|||||
| CVE-2023-5904 | 1 Sfu | 1 Pkp Web Application Library | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
|
|||||
| CVE-2023-5903 | 1 Sfu | 1 Pkp Web Application Library | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
|
|||||
| CVE-2023-5901 | 1 Sfu | 1 Pkp Web Application Library | 2024-11-21 | N/A | 3.5 LOW |
|
Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
|
|||||
| CVE-2023-5896 | 1 Sfu | 1 Pkp Web Application Library | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4.
|
|||||
| CVE-2023-5895 | 1 Sfu | 1 Pkp Web Application Library | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
|
|||||
| CVE-2023-5894 | 1 Sfu | 1 Open Journal Systems | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior to 3.3.0-16.
|
|||||
| CVE-2023-5892 | 1 Sfu | 1 Pkp Web Application Library | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
|
|||||
| CVE-2023-5891 | 1 Sfu | 1 Pkp Web Application Library | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
|
|||||
| CVE-2023-5890 | 1 Sfu | 1 Pkp Web Application Library | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
|
|||||
| CVE-2023-5880 | 1 Geniecompany | 2 Aladdin Connect Garage Door Opener, Aladdin Connect Garage Door Opener Firmware | 2024-11-21 | N/A | 8.8 HIGH |
|
When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode, the web server's “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client-side JavaScript and/or HTML. This allows the attacker to inject malicious code with client-side JavaScript and/or HTML into the user's web browser.
|
|||||
| CVE-2023-5874 | 1 Ays-pro | 1 Popup Box | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
|
|||||
| CVE-2023-5873 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0.
|
|||||
| CVE-2023-5867 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
|
|||||
| CVE-2023-5864 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
|
|||||
| CVE-2023-5863 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
|
|||||