Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52228 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: from n/a through 2.0.24.
|
|||||
| CVE-2023-52213 | 1 Videowhisper | 1 Rate Star Review | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VideoWhisper Rate Star Review – AJAX Reviews for Content, with Star Ratings allows Reflected XSS.This issue affects Rate Star Review – AJAX Reviews for Content, with Star Ratings: from n/a through 1.5.1.
|
|||||
| CVE-2023-52203 | 1 Cformsii Project | 1 Cformsii | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann cformsII allows Stored XSS.This issue affects cformsII: from n/a through 15.0.5.
|
|||||
| CVE-2023-52198 | 1 Michielvaneerd | 1 Private Google Calendars | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michiel van Eerd Private Google Calendars allows Stored XSS.This issue affects Private Google Calendars: from n/a through 20231125.
|
|||||
| CVE-2023-52197 | 1 Impactpixel | 1 Ads Invalid Click Protection | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Impactpixel Ads Invalid Click Protection allows Stored XSS.This issue affects Ads Invalid Click Protection: from n/a through 1.0.
|
|||||
| CVE-2023-52196 | 1 Ewels | 1 Cpt Bootstrap Carousel | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Ewels CPT Bootstrap Carousel allows Reflected XSS.This issue affects CPT Bootstrap Carousel: from n/a through 1.12.
|
|||||
| CVE-2023-52195 | 1 Kerryjames | 1 Posts To Page | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Posts to Page Kerry James allows Stored XSS.This issue affects Kerry James: from n/a through 1.7.
|
|||||
| CVE-2023-52194 | 1 Takayukimiyauchi | 1 Oembed Gist | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takayuki Miyauchi oEmbed Gist allows Stored XSS.This issue affects oEmbed Gist: from n/a through 4.9.1.
|
|||||
| CVE-2023-52192 | 1 Keap | 1 Official Opt-in Forms | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS.This issue affects Keap Official Opt-in Forms: from n/a through 1.0.11.
|
|||||
| CVE-2023-52191 | 1 Torbjon | 1 Infogram | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Torbjon Infogram – Add charts, maps and infographics allows Stored XSS.This issue affects Infogram – Add charts, maps and infographics: from n/a through 1.6.1.
|
|||||
| CVE-2023-52189 | 1 Jhayghost | 1 Ideal Interactive Map | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jhayghost Ideal Interactive Map allows Stored XSS.This issue affects Ideal Interactive Map: from n/a through 1.2.4.
|
|||||
| CVE-2023-52188 | 1 Russelljamieson | 1 Footer Putter | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Footer Putter allows Stored XSS.This issue affects Footer Putter: from n/a through 1.17.
|
|||||
| CVE-2023-52178 | 1 Mojofywp | 1 Wp Affiliate Disclosure | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MojofyWP WP Affiliate Disclosure allows Stored XSS.This issue affects WP Affiliate Disclosure: from n/a through 1.2.7.
|
|||||
| CVE-2023-52175 | 1 Michaeluno | 1 Auto Amazon Links | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Uno (miunosoft) Auto Amazon Links – Amazon Associates Affiliate Plugin allows Stored XSS.This issue affects Auto Amazon Links – Amazon Associates Affiliate Plugin: from n/a through 5.1.1.
|
|||||
| CVE-2023-52125 | 1 Iframe Project | 1 Iframe | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly iframe allows Stored XSS.This issue affects iframe: from n/a through 4.8.
|
|||||
| CVE-2023-52124 | 1 Shapedplugin | 1 Wp Tabs | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS.This issue affects WP Tabs – Responsive Tabs Plugin for WordPress: from n/a through 2.2.0.
|
|||||
| CVE-2023-52118 | 1 Wp-eventmanager | 1 Wp Event Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP User Profile Avatar allows Stored XSS.This issue affects WP User Profile Avatar: from n/a through 1.0.
|
|||||
| CVE-2023-52084 | 1 Wintercms | 1 Winter | 2024-11-21 | N/A | 2.0 LOW |
|
Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4.
|
|||||
| CVE-2023-52083 | 1 Wintercms | 1 Winter | 2024-11-21 | N/A | 2.0 LOW |
|
Winter is a free, open-source content management system. Prior to 1.2.4, users with the `media.manage_media` permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack. This issue has been patched in v1.2.4.
|
|||||
| CVE-2023-51739 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 6.9 MEDIUM |
|
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Device Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
|
|||||
| CVE-2023-51738 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 6.9 MEDIUM |
|
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Network Name (SSID) parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
|
|||||
| CVE-2023-51737 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 6.9 MEDIUM |
|
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Preshared Phrase parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
|
|||||
| CVE-2023-51736 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 6.9 MEDIUM |
|
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the L2TP/PPTP Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
|
|||||
| CVE-2023-51735 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 6.9 MEDIUM |
|
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Pre-shared key parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
|
|||||
| CVE-2023-51734 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 6.9 MEDIUM |
|
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Remote endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
|
|||||
| CVE-2023-51733 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 6.9 MEDIUM |
|
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Local endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
|
|||||
| CVE-2023-51732 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 6.9 MEDIUM |
|
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the IPsec Tunnel Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
|
|||||
| CVE-2023-51731 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 6.9 MEDIUM |
|
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Hostname parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
|
|||||
| CVE-2023-51730 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 6.9 MEDIUM |
|
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the DDNS Password parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
|
|||||
| CVE-2023-51729 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 6.9 MEDIUM |
|
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the DDNS Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
|
|||||
| CVE-2023-51728 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 6.9 MEDIUM |
|
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Password parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
|
|||||
| CVE-2023-51727 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 6.9 MEDIUM |
|
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
|
|||||
| CVE-2023-51726 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 6.9 MEDIUM |
|
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Server Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
|
|||||
| CVE-2023-51725 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 6.9 MEDIUM |
|
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Contact Email Address parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
|
|||||
| CVE-2023-51724 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 6.9 MEDIUM |
|
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the URL parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
|
|||||
| CVE-2023-51723 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 6.9 MEDIUM |
|
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Description parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
|
|||||
| CVE-2023-51722 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 6.9 MEDIUM |
|
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 3 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
|
|||||
| CVE-2023-51721 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 6.9 MEDIUM |
|
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 2 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
|
|||||
| CVE-2023-51720 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 6.9 MEDIUM |
|
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 1 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
|
|||||
| CVE-2023-51719 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 6.9 MEDIUM |
|
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Traceroute parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
|
|||||