Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49160 | 1 Formzu | 1 Formzu Wp | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in formzu Inc. Formzu WP allows Stored XSS. This issue affects Formzu WP: from n/a through 1.6.6.
|
|||||
| CVE-2023-49157 | 1 Andreasmuench | 1 Multiple Post Passwords | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andreas Münch Multiple Post Passwords allows Stored XSS. This issue affects Multiple Post Passwords: from n/a through 1.1.1.
|
|||||
| CVE-2023-49152 | 1 Labs64 | 1 Credit Tracker | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Labs64 Credit Tracker allows Stored XSS. This issue affects Credit Tracker: from n/a through 1.1.17.
|
|||||
| CVE-2023-49151 | 1 Sureswiftcapital | 1 Simple Calendar | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Calendar Simple Calendar – Google Calendar Plugin allows Stored XSS. This issue affects Simple Calendar – Google Calendar Plugin: from n/a through 3.2.6.
|
|||||
| CVE-2023-49150 | 1 Currencyratetoday | 1 Crypto Converter Widget | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS. This issue affects Crypto Converter Widget: from n/a through 1.8.1.
|
|||||
| CVE-2023-49149 | 1 Currencyratetoday | 1 Currency Converter Calculator | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Currency Converter Calculator allows Stored XSS. This issue affects Currency Converter Calculator: from n/a through 1.3.1.
|
|||||
| CVE-2023-49146 | 1 Getgrav | 1 Dom-sanitizer | 2024-11-21 | N/A | 6.1 MEDIUM |
|
DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions.
|
|||||
| CVE-2023-49145 | 1 Apache | 1 Nifi | 2024-11-21 | N/A | 7.9 HIGH |
|
Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary JavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation.
|
|||||
| CVE-2023-49119 | 1 Weseek | 1 Growi | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
|
|||||
| CVE-2023-49117 | 1 Alfasado | 1 Powercms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability.
|
|||||
| CVE-2023-49090 | 1 Carrierwave Project | 1 Carrierwave | 2024-11-21 | N/A | 6.8 MEDIUM |
|
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the `content_type` argument of `allowlisted_content_type?` is passed a value crafted by the attacker, Content-Types not included in the `content_type_allowlist` will be allowed. This issue has been patch ...
|
|||||
| CVE-2023-49088 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration>Sites/Devices/Data`. The victim o ...
|
|||||
| CVE-2023-49078 | 1 Zediious | 1 Raptor-web | 2024-11-21 | N/A | 5.4 MEDIUM |
|
raptor-web is a CMS for game server communities that can be used to host information and keep track of players. In version 0.4.4 of raptor-web, it is possible to craft a malicious URL that will result in a reflected cross-site scripting vulnerability. A user controlled URL parameter is loaded into an internal template that has autoescape disabled. This is a cross-site scripting vulnerability that affects all deployments of `raptor-web` on version `0.4.4`. Any victim who clicks on a malicious cra ...
|
|||||
| CVE-2023-49077 | 1 Mailcow | 1 Mailcow\ | 2024-11-21 | N/A | 8.3 HIGH |
|
Mailcow: dockerized is an open source groupware/email suite based on docker. A Cross-Site Scripting (XSS) vulnerability has been identified within the Quarantine UI of the system. This vulnerability poses a significant threat to administrators who utilize the Quarantine feature. An attacker can send a carefully crafted email containing malicious JavaScript code. This issue has been patched in version 2023-11.
|
|||||
| CVE-2023-49029 | 1 Smpn1smg | 1 Absis | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the nama parameter in the lock/lock.php file.
|
|||||
| CVE-2023-49028 | 1 Absis | 1 Absis | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the user parameter in the lock/lock.php file.
|
|||||
| CVE-2023-48940 | 1 Daicuo | 1 Daicuo | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in /admin.php of DaiCuo v2.5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
|||||
| CVE-2023-48882 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A | 4.8 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.
|
|||||
| CVE-2023-48881 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A | 4.8 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn.
|
|||||
| CVE-2023-48880 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A | 4.8 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.
|
|||||
| CVE-2023-48839 | 1 Phpjabbers | 1 Appointment Scheduler | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
|
|||||
| CVE-2023-48838 | 1 Phpjabbers | 1 Appointment Scheduler | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code.
|
|||||
| CVE-2023-48837 | 1 Phpjabbers | 1 Car Rental Script | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.
|
|||||
| CVE-2023-48836 | 1 Phpjabbers | 1 Car Rental Script | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
|
|||||
| CVE-2023-48828 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
|
|||||
| CVE-2023-48827 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
|
|||||
| CVE-2023-48825 | 1 Phpjabbers | 1 Availability Booking Calendar | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.
|
|||||
| CVE-2023-48824 | 1 Boidcms | 1 Boidcms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the title, subtitle, footer, or keywords parameter in a page=create action.
|
|||||
| CVE-2023-48780 | 1 Maevelander | 1 Wp Catalogue | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnigmaWeb WP Catalogue allows Stored XSS. This issue affects WP Catalogue: from n/a through 1.7.6.
|
|||||
| CVE-2023-48771 | 1 Skyphe | 1 File Gallery | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno "Aesqe" Babic File Gallery allows Reflected XSS. This issue affects File Gallery: from n/a through 1.8.5.4.
|
|||||
| CVE-2023-48770 | 1 Uxdev | 1 Aparat | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nima Saberi Aparat allows Stored XSS. This issue affects Aparat: from n/a through 1.7.1.
|
|||||
| CVE-2023-48767 | 1 Tes-india | 1 Mytube Playlist | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raghu Goriya MyTube PlayList allows Reflected XSS. This issue affects MyTube PlayList: from n/a through 2.0.3.
|
|||||
| CVE-2023-48765 | 1 Tillkruss | 1 Email Address Encoder | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Till Krüss Email Address Encoder allows Stored XSS. This issue affects Email Address Encoder: from n/a through 1.0.22.
|
|||||
| CVE-2023-48756 | 1 Motopress | 1 Jetblocks For Elementor | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor allows Reflected XSS. This issue affects JetBlocks For Elementor: from n/a through 1.3.8.
|
|||||
| CVE-2023-48752 | 1 Happyforms | 1 Happyforms | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms allows Reflected XSS. This issue affects Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms: from n/a through 1.25.9.
|
|||||
| CVE-2023-48749 | 1 Themenectar | 1 Salient Core | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme nectar Salient Core allows Stored XSS. This issue affects Salient Core: from n/a through 2.0.2.
|
|||||
| CVE-2023-48748 | 1 Themenectar | 1 Salient Core | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme nectar Salient Core allows Reflected XSS. This issue affects Salient Core: from n/a through 2.0.2.
|
|||||
| CVE-2023-48746 | 1 Peepso | 1 Peepso | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Reflected XSS. This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a through 6.2.6.0.
|
|||||
| CVE-2023-48743 | 1 Codehooligans | 1 Simply Exclude | 2024-11-21 | N/A | 5.8 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Menard Simply Exclude allows Reflected XSS. This issue affects Simply Exclude: from n/a through 2.0.6.6.
|
|||||
| CVE-2023-48737 | 1 Tripay | 1 Payment Gateway | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PT Trijaya Digital Grup TriPay Payment Gateway allows Stored XSS. This issue affects TriPay Payment Gateway: from n/a through 3.2.7.
|
|||||