Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5496 | 2 Mozilla, Translator Poqdev Add-on Project | 2 Firefox, Translator Poqdev Add-on | 2024-11-21 | 2.6 LOW | 3.1 LOW |
|
A vulnerability was found in Translator PoqDev Add-On 1.0.11 on Firefox. It has been rated as problematic. This issue affects some unknown processing of the component Select Text Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-241649 was assigned to this vulnerability. NOTE: The vendo ...
|
|||||
| CVE-2023-5480 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)
|
|||||
| CVE-2023-5469 | 1 Stevenhenty | 1 Drop Shadow Boxes | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Drop Shadow Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dropshadowbox' shortcode in versions up to, and including, 1.7.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5467 | 1 Geomywp | 1 Geo My Wordpress | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5458 | 1 Ashik | 1 Cits Support Svg, Webp Media And Ttf,otf File Upload | 2024-11-21 | N/A | 5.4 MEDIUM |
|
The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin before 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
|
|||||
| CVE-2023-5452 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
|
|||||
| CVE-2023-5451 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Forcepoint NGFW Security Management Center Management Server has an optional SMC Downloads feature to offer standalone Management Client downloads and ECA configuration downloads. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Next Generation Firewall Security Management Center (SMC Downloads feature) allows Reflected XSS. This issue affects Next Generation Firewall Security Management Center: before 6.10.13, from 6.11.0 before ...
|
|||||
| CVE-2023-5432 | 1 Gopiplus | 1 Jquery News Ticker | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5421 | 1 Otrs | 1 Otrs | 2024-11-21 | N/A | 3.5 LOW |
|
An attacker who is logged into OTRS as a user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediately after the data is saved. The issue only occurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
|
|||||
| CVE-2023-5413 | 1 Gopiplus | 1 Image Horizontal Reel Scroll Slideshow | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ihrss-gallery' shortcode in versions up to, and including, 13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5381 | 1 Webtechstreet | 1 Elementor Addon Elements | 2024-11-21 | N/A | 4.4 MEDIUM |
|
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.12.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html ...
|
|||||
| CVE-2023-5378 | 2 Megabip, Smod | 2 Megabip, Smodbip | 2024-11-21 | N/A | 8.8 HIGH |
|
Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS. This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2. MegaBIP 5.08 was tested and is not vulnerable. A precise range of vulnerable versions remains unknown.
|
|||||
| CVE-2023-5362 | 1 Spicethemes | 1 Carousel, Recent Post Slider And Banner Slider | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spice_post_slider' shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5351 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1.
|
|||||
| CVE-2023-5348 | 1 Multivendorx | 1 Product Catalog Mode For Woocommerce | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users.
|
|||||
| CVE-2023-5343 | 1 Ays-pro | 1 Popup Box | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
|
|||||
| CVE-2023-5338 | 1 Themeblvd | 1 Theme Blvd Shortcodes | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Theme Blvd Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5337 | 1 Formforall | 1 Formforall | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Contact form Form For All plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5325 | 1 Levantoan | 1 Woocommerce Vietnam Checkout | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field on the checkout form, leading to XSS.
|
|||||
| CVE-2023-5323 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0.
|
|||||
| CVE-2023-5320 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
|
|||||
| CVE-2023-5319 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
|
|||||
| CVE-2023-5317 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
|
|||||
| CVE-2023-5316 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
|
|||||
| CVE-2023-5308 | 1 Secondlinethemes | 1 Podcast Subscribe Buttons | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcast_subscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5305 | 1 Anujk305 | 1 Online Banquet Booking System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /mail.php of the component Contact Us Page. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-240944.
|
|||||
| CVE-2023-5304 | 1 Anujk305 | 1 Online Banquet Booking System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability has been found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /book-services.php of the component Service Booking. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-240943.
|
|||||
| CVE-2023-5303 | 1 Phpgurukul | 1 Online Banquet Booking System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Affected is an unknown function of the file /view-booking-detail.php of the component Account Detail Handler. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. VDB-240942 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-5302 | 1 Mayurik | 1 Best Courier Management System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, has been found in SourceCodester Best Courier Management System 1.0. This issue affects some unknown processing of the component Manage Account Page. The manipulation of the argument First Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240941 was assigned to this vulnerability.
|
|||||
| CVE-2023-5292 | 1 Acfextended | 1 Advanced Custom Fields Extended | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acfe_form' shortcode in versions up to, and including, 0.8.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5287 | 1 Beecms | 1 Beecms | 2024-11-21 | 3.3 LOW | 2.4 LOW |
|
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in BEECMS 4.0. This affects an unknown part of the file /admin/admin_content_tag.php?action=save_content. The manipulation of the argument tag leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240915. NOTE: This vulnerability only affects products that are n ...
|
|||||
| CVE-2023-5286 | 1 Oretnom23 | 1 Expense Tracker | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, has been found in SourceCodester Expense Tracker App v1. Affected by this issue is some unknown functionality of the file add_category.php of the component Category Handler. The manipulation of the argument category_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240914 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-5244 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.
|
|||||
| CVE-2023-5234 | 1 Peachpay | 1 Related Products For Woocommerce | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Related Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'woo-related' shortcode in versions up to, and including, 3.3.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5232 | 1 Webguysaz | 1 Font Awesome More Icons | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5231 | 1 Pogidude | 1 Magic Action Box | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Magic Action Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.17.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5210 | 1 Amp-cloud | 1 Amp Plus | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The AMP+ Plus WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
|
|||||
| CVE-2023-5209 | 1 Booking-wp-plugin | 1 Bookly | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
|
|||||
| CVE-2023-5205 | 1 Anilankola | 1 Add Custom Body Class | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_custom_body_class' value in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-5200 | 1 Flowpaper | 1 Flowpaper | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'flipbook' shortcode in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||