Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51397 | 1 Brainstormforce | 1 Wp Remote Site Search | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS.This issue affects WP Remote Site Search: from n/a through 1.0.4.
|
|||||
| CVE-2023-51374 | 1 Zerobounce | 1 Zerobounce Email Verification \& Validation | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZeroBounce ZeroBounce Email Verification & Validation allows Stored XSS.This issue affects ZeroBounce Email Verification & Validation: from n/a through 1.0.11.
|
|||||
| CVE-2023-51373 | 1 Nakunakifi | 1 Google Photos Gallery With Shortcodes | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ian Kennerley Google Photos Gallery with Shortcodes allows Reflected XSS.This issue affects Google Photos Gallery with Shortcodes: from n/a through 4.0.2.
|
|||||
| CVE-2023-51372 | 1 Hasthemes | 1 Hashbar | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar – WordPress Notification Bar allows Stored XSS.This issue affects HashBar – WordPress Notification Bar: from n/a through 1.4.1.
|
|||||
| CVE-2023-51371 | 1 Bitapps | 1 Bit Assist | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget allows Stored XSS.This issue affects Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Cust ...
Show More |
|||||
| CVE-2023-51370 | 1 Ninjateam | 1 Wp Chat App | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam WP Chat App allows Stored XSS.This issue affects WP Chat App: from n/a through 3.4.4.
|
|||||
| CVE-2023-51361 | 1 Gingerplugins | 1 Sticky Chat Widget | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button allows Stored XSS.This issue affects Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button: from n/a through 1.1.8.
|
|||||
| CVE-2023-50964 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102.
|
|||||
| CVE-2023-50947 | 1 Ibm | 2 Business Automation Workflow, Cloud Pak For Business Automation | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665.
|
|||||
| CVE-2023-50924 | 1 Engelsystem | 1 Engelsystem | 2024-11-21 | N/A | 7.3 HIGH |
|
Englesystem is a shift planning system for chaos events. Engelsystem prior to v3.4.1 performed insufficient validation of user supplied data for the DECT number, mobile number, and work-log comment fields. The values of those fields would be displayed in corresponding log overviews, allowing the injection and execution of Javascript code in another user's context. This vulnerability enables an authenticated user to inject Javascript into other user's sessions. The injected JS will be executed du ...
Show More |
|||||
| CVE-2023-50905 | 2024-11-21 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows Stored XSS.This issue affects WP Activity Log: from n/a through 4.6.1.
|
|||||
| CVE-2023-50901 | 1 Hasthemes | 1 Ht Mega | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows Reflected XSS.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.8.
|
|||||
| CVE-2023-50896 | 1 Weformspro | 1 Weforms | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS.This issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress: from n/a through 1.6.17.
|
|||||
| CVE-2023-50893 | 1 Upsolution | 1 Impreza | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution Impreza – WordPress Website and WooCommerce Builder allows Reflected XSS.This issue affects Impreza – WordPress Website and WooCommerce Builder: from n/a through 8.17.4.
|
|||||
| CVE-2023-50892 | 1 Codex-themes | 1 Thegem | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS.This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9.1.
|
|||||
| CVE-2023-50891 | 1 Zohocorp | 1 Zoho Forms | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1.
|
|||||
| CVE-2023-50889 | 1 Fastlinemedia | 1 Beaver Builder | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS.This issue affects Beaver Builder – WordPress Page Builder: from n/a through 2.7.2.
|
|||||
| CVE-2023-50881 | 1 Vasyltech | 1 Advanced Access Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.15.
|
|||||
| CVE-2023-50880 | 1 Buddypress | 1 Buddypress | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS.This issue affects BuddyPress: from n/a through 11.3.1.
|
|||||
| CVE-2023-50879 | 1 Automattic | 1 Wordpress.com Editing Toolkit | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS.This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784.
|
|||||
| CVE-2023-50875 | 1 Automattic | 1 Sensei Lms | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS.This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0.
|
|||||
| CVE-2023-50874 | 1 Connekthq | 1 Ajax Load More | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll – Ajax Load More allows Stored XSS.This issue affects WordPress Infinite Scroll – Ajax Load More: from n/a through 6.1.0.1.
|
|||||
| CVE-2023-50860 | 1 Tms-outsource | 1 Amelia | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TMS Booking for Appointments and Events Calendar – Amelia allows Stored XSS.This issue affects Booking for Appointments and Events Calendar – Amelia: from n/a through 1.0.85.
|
|||||
| CVE-2023-50859 | 1 Themeum | 1 Wp Crowdfunding | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding allows Stored XSS.This issue affects WP Crowdfunding: from n/a through 2.1.6.
|
|||||
| CVE-2023-50834 | 1 Augustinfotech | 1 Woocommerce Menu Extension | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech WooCommerce Menu Extension allows Stored XSS.This issue affects WooCommerce Menu Extension: from n/a through 1.6.2.
|
|||||
| CVE-2023-50833 | 1 Extendthemes | 1 Colibri Page Builder | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExtendThemes Colibri Page Builder allows Stored XSS.This issue affects Colibri Page Builder: from n/a through 1.0.239.
|
|||||
| CVE-2023-50832 | 1 Mondula | 1 Multi Step Form | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.This issue affects Multi Step Form: from n/a through 1.7.13.
|
|||||
| CVE-2023-50831 | 1 Villatheme | 1 Curcy | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS.This issue affects CURCY – Multi Currency for WooCommerce: from n/a through 2.2.0.
|
|||||
| CVE-2023-50830 | 1 Seosthemes | 1 Seos Contact Form | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seosbg Seos Contact Form allows Stored XSS.This issue affects Seos Contact Form: from n/a through 1.8.0.
|
|||||
| CVE-2023-50829 | 1 Quick-plugins | 1 Loan Repayment Calculator And Application Form | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS.This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.3.
|
|||||
| CVE-2023-50828 | 1 Davidvongries | 1 Ultimate Dashboard | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard – Custom WordPress Dashboard allows Stored XSS.This issue affects Ultimate Dashboard – Custom WordPress Dashboard: from n/a through 3.7.11.
|
|||||
| CVE-2023-50827 | 1 Accredible | 1 Accredible Certificates \& Open Badges | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Accredible Accredible Certificates & Open Badges allows Stored XSS.This issue affects Accredible Certificates & Open Badges: from n/a through 1.4.8.
|
|||||
| CVE-2023-50826 | 1 Freshlightlab | 1 Menu Image\, Icons Made Easy | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Freshlight Lab Menu Image, Icons made easy allows Stored XSS.This issue affects Menu Image, Icons made easy: from n/a through 3.10.
|
|||||
| CVE-2023-50825 | 1 Jacksonwhelan | 1 Iframe Shortcode | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terrier Tenacity iframe Shortcode allows Stored XSS.This issue affects iframe Shortcode: from n/a through 2.0.
|
|||||
| CVE-2023-50824 | 1 Elearningfreak | 1 Insert Or Embed Articulate Content | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Batt Insert or Embed Articulate Content into WordPress allows Stored XSS.This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000021.
|
|||||
| CVE-2023-50823 | 1 Wipeoutmedia | 1 Css \& Javascript Toolbox | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS.This issue affects CSS & JavaScript Toolbox: from n/a through 11.7.
|
|||||
| CVE-2023-50822 | 1 Currencywiki | 1 Currency Converter Widget - Exchange Rates | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Currency.Wiki Currency Converter Widget – Exchange Rates allows Stored XSS.This issue affects Currency Converter Widget – Exchange Rates: from n/a through 3.0.2.
|
|||||
| CVE-2023-50808 | 1 Zimbra | 1 Collaboration | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI.
|
|||||
| CVE-2023-50727 | 1 Resque | 1 Resque | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /"><svg%20onload=alert(domain)>. This issue has been patched in version 2.6.0.
|
|||||
| CVE-2023-50725 | 1 Resque | 1 Resque | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: "/failed/?class=<script>alert(document.cookie)</script>" and "/queues/><img src=a onerror=alert(document.cookie)>". This issue has been patched in version 2.2.1.
|
|||||