Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5861 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
|
|||||
| CVE-2023-5842 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.
|
|||||
| CVE-2023-5837 | 1 Alexanderlivanov | 1 Fotoscms2 | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic was found in AlexanderLivanov FotosCMS2 up to 2.4.3. This vulnerability affects unknown code of the file profile.php of the component Cookie Handler. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243802 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-5835 | 1 Hu60 | 1 Hu60wap6 | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic was found in hu60t hu60wap6. Affected by this vulnerability is the function markdown of the file src/class/ubbparser.php. The manipulation leads to cross site scripting. The attack can be launched remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named a1cd9f12d7687243bfcb7ce295665acb83b9174e. It is recommended to apply a patch to fix this issue. The associated ide ...
Show More |
|||||
| CVE-2023-5819 | 1 Gara | 1 Amazonify | 2024-11-21 | N/A | 4.4 MEDIUM |
|
The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been dis ...
Show More |
|||||
| CVE-2023-5817 | 1 Eralion | 1 Neon Text | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes (color). This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5811 | 1 Flusity | 1 Flusity | 2024-11-21 | 3.3 LOW | 2.4 LOW |
|
A vulnerability, which was classified as problematic, was found in flusity CMS. Affected is the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument menu_id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identif ...
Show More |
|||||
| CVE-2023-5810 | 1 Flusity | 1 Flusity | 2024-11-21 | 3.3 LOW | 2.4 LOW |
|
A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument edit_post_id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not ava ...
Show More |
|||||
| CVE-2023-5809 | 1 Ays-pro | 1 Popup Box | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
|
|||||
| CVE-2023-5791 | 1 Remyandrade | 1 Sticky Notes App | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243597 was assigned to this vulnerability.
|
|||||
| CVE-2023-5789 | 1 Airtel | 2 Dragon Path 707gr1, Dragon Path 707gr1 Firmware | 2024-11-21 | 3.3 LOW | 2.4 LOW |
|
A vulnerability classified as problematic has been found in Dragon Path 707GR1 up to 20231022. Affected is an unknown function of the component Ping Diagnostics. The manipulation of the argument Host Address with the input >><img/src/onerror=alert(1)> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-243594 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-5771 | 1 Proofpoint | 1 Enterprise Protection | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages. This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions.
|
|||||
| CVE-2023-5768 | 1 Hitachienergy | 8 Rtu520, Rtu520 Firmware, Rtu530 and 5 more | 2024-11-21 | N/A | 5.9 MEDIUM |
|
A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below.
Incomplete or wrong received APDU frame layout may
cause blocking on link layer. Error reason was an endless blocking when reading incoming frames on link layer
with wrong length information of APDU or delayed reception
of data octets.
Only communication link of affected HCI IEC 60870-5-104
is blocked. If attack sequence stops the communication to
the previously attacked link g ...
Show More |
|||||
| CVE-2023-5767 | 1 Hitachienergy | 8 Rtu520, Rtu520 Firmware, Rtu530 and 5 more | 2024-11-21 | N/A | 6.0 MEDIUM |
|
A vulnerability exists in the webserver that affects the
RTU500 series product versions listed below. A malicious
actor could perform cross-site scripting on the webserver
due to an RDT language file being improperly sanitized.
|
|||||
| CVE-2023-5757 | 1 Themeum | 1 Wp Crowdfunding | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
|
|||||
| CVE-2023-5750 | 1 Wpdeveloper | 1 Embedpress | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
|
|||||
| CVE-2023-5749 | 1 Wpdeveloper | 1 Embedpress | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
|
|||||
| CVE-2023-5745 | 1 Halgatewood | 1 Reusable Text Blocks | 2024-11-21 | N/A | 5.5 MEDIUM |
|
The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5744 | 1 Very Simple Google Maps Project | 1 Very Simple Google Maps | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5743 | 1 Gravitydesign | 1 Telephone Number Linker | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Telephone Number Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'telnumlink' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5742 | 1 Dwuser | 1 Easyrotator For Wordpress | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The EasyRotator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyrotator' shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5741 | 1 Powr | 1 Powr | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5740 | 1 Ninjateam | 1 Live Chat With Facebook Messenger | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Live Chat with Facebook Messenger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'messenger' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5738 | 1 Webtoffee | 1 Backup And Migration | 2024-11-21 | N/A | 5.4 MEDIUM |
|
The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks.
|
|||||
| CVE-2023-5715 | 1 Plerdy | 1 Heatmap | 2024-11-21 | N/A | 4.4 MEDIUM |
|
The Website Optimization – Plerdy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tracking code settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where un ...
Show More |
|||||
| CVE-2023-5708 | 1 Wp Post Columns Project | 1 Wp Post Columns | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The WP Post Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'column' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5707 | 1 Seothemes | 1 Seo Slider | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slider' shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5706 | 1 Vektor-inc | 1 Vk Blocks | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk-blocks/ancestor-page-list' block in all versions up to, and including, 1.63.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5704 | 1 Wpchill | 1 Cpo Shortcodes | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5703 | 1 Giftup | 1 Gift Up Gift Cards For Wordpress And Woocommerce | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'giftup' shortcode in all versions up to, and including, 2.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5701 | 1 Vnote Project | 1 Vnote | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability has been found in vnotex vnote up to 3.17.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Markdown File Handler. The manipulation with the input <xss onclick="alert(1)" style=display:block>Click here</xss> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243139. NOTE: The vendor was con ...
Show More |
|||||
| CVE-2023-5699 | 1 Martmbithi | 1 Internet Banking System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, has been found in CodeAstro Internet Banking System 1.0. This issue affects some unknown processing of the file pages_view_client.php. The manipulation of the argument acc_name with the input Johnnie Reyes'"()&%<zzz><ScRiPt >alert(5646)</ScRiPt> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243137 was assigned to this vulnerability.
|
|||||
| CVE-2023-5698 | 1 Martmbithi | 1 Internet Banking System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. This vulnerability affects unknown code of the file pages_deposit_money.php. The manipulation of the argument account_number with the input 421873905--><ScRiPt%20>alert(9523)</ScRiPt><!-- leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243136.
|
|||||
| CVE-2023-5697 | 1 Martmbithi | 1 Internet Banking System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic has been found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_withdraw_money.php. The manipulation of the argument account_number with the input 287359614--><ScRiPt%20>alert(1234)</ScRiPt><!-- leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243135.
|
|||||
| CVE-2023-5696 | 1 Martmbithi | 1 Internet Banking System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file pages_transfer_money.php. The manipulation of the argument account_number with the input 357146928--><ScRiPt%20>alert(9206)</ScRiPt><!-- leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-243134 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-5695 | 1 Martmbithi | 1 Internet Banking System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file pages_reset_pwd.php. The manipulation of the argument email with the input testing%40example.com'%26%25<ScRiPt%20>alert(9860)</ScRiPt> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243133 was assigned to this vulnerabilit ...
Show More |
|||||
| CVE-2023-5694 | 1 Martmbithi | 1 Internet Banking System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of the argument sys_name with the input <ScRiPt >alert(991)</ScRiPt> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243132.
|
|||||
| CVE-2023-5689 | 1 Modoboa | 1 Modoboa | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.
|
|||||
| CVE-2023-5688 | 1 Modoboa | 1 Modoboa | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.
|
|||||
| CVE-2023-5669 | 1 Christiaanconover | 1 Featured Image Caption | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Featured Image Caption plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and post meta in all versions up to, and including, 0.8.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||