Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50724 | 1 Resque | 1 Resque | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Resque (pronounced like "rescue") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions before 2.1.0 are vulnerable to reflected XSS through the current_queue parameter in the path of the queues endpoint. This issue has been patched in version 2.1.0.
|
|||||
| CVE-2023-50722 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 9.6 CRITICAL |
|
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter is only executed when the user who is visiting the crafted URL has edit right on at least one configuration section. While any user of the wiki could easily create such a section, this vulnerability doe ...
Show More |
|||||
| CVE-2023-50712 | 1 Dfir-iris | 1 Iris | 2024-11-21 | N/A | 4.6 MEDIUM |
|
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicio ...
Show More |
|||||
| CVE-2023-50639 | 1 Iscute | 1 Cute Http File Server | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page.
|
|||||
| CVE-2023-50566 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter.
|
|||||
| CVE-2023-50565 | 1 Rpcms | 1 Rpcms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
|||||
| CVE-2023-50550 | 1 Layui | 1 Layui | 2024-11-21 | N/A | 5.4 MEDIUM |
|
layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter.
|
|||||
| CVE-2023-50473 | 1 Billahmed | 1 Qbit Matui | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI version 1.16.4, allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in index.js file.
|
|||||
| CVE-2023-50470 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
|||||
| CVE-2023-50465 | 1 Monicahq | 1 Monica | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user.
|
|||||
| CVE-2023-50377 | 1 Ab-wp | 1 Simple Counter | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AB-WP Simple Counter allows Stored XSS.This issue affects Simple Counter: from n/a through 1.0.2.
|
|||||
| CVE-2023-50376 | 1 Simple-membership-plugin | 1 Simple Membership | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS.This issue affects Simple Membership: from n/a through 4.3.8.
|
|||||
| CVE-2023-50371 | 1 Pagevisitcounter | 1 Advanced Page Visit Counter | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows Stored XSS.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 8.0.6.
|
|||||
| CVE-2023-50370 | 1 Livemeshthemes | 1 Wpbakery Page Builder Addons | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh WPBakery Page Builder Addons by Livemesh allows Stored XSS.This issue affects WPBakery Page Builder Addons by Livemesh: from n/a through 3.5.
|
|||||
| CVE-2023-50369 | 1 Almapay | 1 Alma | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alma Alma – Pay in installments or later for WooCommerce allows Stored XSS.This issue affects Alma – Pay in installments or later for WooCommerce: from n/a through 5.1.3.
|
|||||
| CVE-2023-50368 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.2.
|
|||||
| CVE-2023-50357 | 1 Areal-topkapi | 1 Webserv1 | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP website allows a remote low-privileged attacker to gain escalated privileges of other non-admin users.
|
|||||
| CVE-2023-50339 | 1 Weseek | 1 Growi | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Stored cross-site scripting vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.1.11. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
|
|||||
| CVE-2023-50166 | 1 Pega | 1 Platform | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter.
|
|||||
| CVE-2023-50137 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.
|
|||||
| CVE-2023-50102 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).
|
|||||
| CVE-2023-50101 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.
|
|||||
| CVE-2023-50100 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.
|
|||||
| CVE-2023-50069 | 1 Wiremock | 1 Wiremock | 2024-11-21 | N/A | 6.1 MEDIUM |
|
WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area, resulting in the execution of the payload. This occurs because the response body is not validated or sanitized.
|
|||||
| CVE-2023-4983 | 1 App1pro | 1 Shopicial | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in app1pro Shopicial up to 20230830. It has been declared as problematic. This vulnerability affects unknown code of the file search. The manipulation of the argument from with the input comments</script>'"><img src=x onerror=alert(document.cookie)> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239794 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted e ...
Show More |
|||||
| CVE-2023-4982 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0.
|
|||||
| CVE-2023-4981 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.
|
|||||
| CVE-2023-4980 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0.
|
|||||
| CVE-2023-4979 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0.
|
|||||
| CVE-2023-4978 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.
|
|||||
| CVE-2023-4973 | 2 Creativeitem, Microsoft | 2 Academy Lms, Windows | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument searched_word/searched_tution_class_type[]/searched_price_type[]/searched_duration[] leads to cross site scripting. The attack can be launched remotely. The identifier VDB-239749 was assigned to this vulnerability. NOTE: The vendor was cont ...
Show More |
|||||
| CVE-2023-4970 | 1 Pubydoc | 1 Pubydoc | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The PubyDoc WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
|
|||||
| CVE-2023-4968 | 1 Wpeka | 1 Wplegalpages | 2024-11-21 | N/A | 5.5 MEDIUM |
|
The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wplegalpage' shortcode in versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-4962 | 1 Wp-plugins | 1 Video Popup | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'video_popup' shortcode in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-4961 | 1 Poptin | 1 Popups | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-4951 | 1 Greenrocketsecurity | 1 Greenradius | 2024-11-21 | N/A | 2.0 LOW |
|
A cross site scripting issue was discovered with the pagination function on the "Client-based Authentication Policy Configuration" screen of the GreenRADIUS web admin interface. This issue is found in GreenRADIUS v5.1.1.1 and prior. A fix was included in v5.1.2.2.
|
|||||
| CVE-2023-4932 | 1 Sas | 1 Integration Technologies | 2024-11-21 | N/A | 6.3 MEDIUM |
|
SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the `_program` parameter of the the `/SASStoredProcess/do` endpoint allows arbitrary JavaScript to be executed when specially crafted URL is opened by an authenticated user. The attack is possible from a low-privileged user. Only versions 9.4_M7 and 9.4_M8 were tested and confirmed to be vulnerable, status of others is unknown. For above mentioned versions hot fixes were published.
|
|||||
| CVE-2023-4919 | 1 Iframe Project | 1 Iframe | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `iframe` shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 4.6 and fully patched in version 4.7.
|
|||||
| CVE-2023-4913 | 1 Cecil | 1 Cecil | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Reflected in GitHub repository cecilapp/cecil prior to 7.47.1.
|
|||||
| CVE-2023-4892 | 1 Sismics | 1 Teedy | 2024-11-21 | N/A | 5.7 MEDIUM |
|
Teedy v1.11 has a vulnerability in its text editor that allows events
to be executed in HTML tags that an attacker could manipulate. Thanks
to this, it is possible to execute malicious JavaScript in the webapp.
|
|||||