Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48326 | 1 Pixelite | 1 Events Manager | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixelite Events Manager allows Reflected XSS.This issue affects Events Manager: from n/a through 6.4.5.
|
|||||
| CVE-2023-48322 | 1 Edocintelligence | 1 Employee Job Application | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eDoc Intelligence eDoc Employee Job Application – Best WordPress Job Manager for Employees allows Reflected XSS.This issue affects eDoc Employee Job Application – Best WordPress Job Manager for Employees: from n/a through 1.13.
|
|||||
| CVE-2023-48321 | 1 Magazine3 | 1 Amp For Wp | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS.This issue affects AMP for WP – Accelerated Mobile Pages: from n/a through 1.0.88.1.
|
|||||
| CVE-2023-48320 | 1 Web-dorado | 1 Spidervplayer | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDorado SpiderVPlayer allows Stored XSS.This issue affects SpiderVPlayer: from n/a through 1.5.22.
|
|||||
| CVE-2023-48317 | 1 Vikasvatsa | 1 Display Custom Post | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Vatsa Display Custom Post allows Stored XSS.This issue affects Display Custom Post: from n/a through 2.2.1.
|
|||||
| CVE-2023-48314 | 1 Collaboraoffice | 1 Collabora Online | 2024-11-21 | N/A | 7.1 HIGH |
|
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2023-48313 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Umbraco is an ASP.NET content management system (CMS). Starting in 10.0.0 and prior to versions 10.8.1 and 12.3.4, Umbraco contains a cross-site scripting (XSS) vulnerability enabling attackers to bring malicious content into a website or application. Versions 10.8.1 and 12.3.4 contain a patch for this issue.
|
|||||
| CVE-2023-48302 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 3.5 LOW |
|
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy pasting HTML code without markup (Ctrl+Shift+V) the markup will actually render. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.13, 26.0.8, and 27.1.3 contain a fix for this issue. As a workaround, disable app text.
|
|||||
| CVE-2023-48301 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 3.5 LOW |
|
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, an attacker could insert links into circles name that would be opened when clicking the circle name in a search filter. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.13, 26.0.8, and 27.1.3 contain a fix for this issue. As a workaround, disable app circles.
|
|||||
| CVE-2023-48300 | 1 Epiph | 1 Embed Privacy | 2024-11-21 | N/A | 6.3 MEDIUM |
|
The `Embed Privacy` plugin for WordPress that prevents the loading of embedded external content is vulnerable to Stored Cross-Site Scripting via `embed_privacy_opt_out` shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected p ...
Show More |
|||||
| CVE-2023-48295 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A | 6.3 MEDIUM |
|
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit `faf66035ea` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2023-48289 | 1 Spreadsheetconverter | 1 Import Spreadsheets | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Stored XSS.This issue affects Import Spreadsheets from Microsoft Excel: from n/a through 10.1.3.
|
|||||
| CVE-2023-48272 | 1 Wpmaspik | 1 Maspik | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS.This issue affects Maspik – Spam Blacklist: from n/a through 0.9.2.
|
|||||
| CVE-2023-48255 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 6.3 MEDIUM |
|
The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log.
|
|||||
| CVE-2023-48254 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 5.3 MEDIUM |
|
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request.
|
|||||
| CVE-2023-48248 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file.
|
|||||
| CVE-2023-48244 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 5.3 MEDIUM |
|
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request.
|
|||||
| CVE-2023-48219 | 1 Tiny | 1 Tinymce | 2024-11-21 | N/A | 6.1 MEDIUM |
|
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character reserved as an internal marker, they can be combined with other HTML patterns to form malicious snippets. These snippets pass the initial sanitisation layer when the con ...
Show More |
|||||
| CVE-2023-48208 | 1 Phpjabbers | 1 Availability Booking Calendar | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php.
|
|||||
| CVE-2023-48206 | 1 Mayurik | 1 Courier Management System | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php.
|
|||||
| CVE-2023-48172 | 1 Phpjabbers | 1 Shuttle Booking Software | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php.
|
|||||
| CVE-2023-48116 | 1 Smartertools | 1 Smartermail | 2024-11-21 | N/A | 5.4 MEDIUM |
|
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment.
|
|||||
| CVE-2023-48115 | 1 Smartertools | 1 Smartermail | 2024-11-21 | N/A | 5.4 MEDIUM |
|
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request.
|
|||||
| CVE-2023-48114 | 1 Smartertools | 1 Smartermail | 2024-11-21 | N/A | 5.4 MEDIUM |
|
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name.
|
|||||
| CVE-2023-48094 | 1 Cesium | 1 Cesiumjs | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /container_files/public_html/doc/index.html. NOTE: the vendor’s position is that Apps/Sandcastle/standalone.html is part of the CesiumGS/cesium GitHub repository, but is demo code that is not part of the CesiumJS JavaScript library product.
|
|||||
| CVE-2023-48088 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | N/A | 5.4 MEDIUM |
|
xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage.
|
|||||
| CVE-2023-48068 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php.
|
|||||
| CVE-2023-48042 | 1 Communitydeveloper | 1 Amazzing Filter | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code.
|
|||||
| CVE-2023-47877 | 1 Perfmatters | 1 Perfmatters | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Stored XSS.This issue affects Perfmatters: from n/a before 2.2.0.
|
|||||
| CVE-2023-47876 | 1 Perfmatters | 1 Perfmatters | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Reflected XSS.This issue affects Perfmatters: from n/a through 2.1.6.
|
|||||
| CVE-2023-47872 | 1 Gvectors | 1 Wpforo Forum | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through 2.2.3.
|
|||||
| CVE-2023-47851 | 1 Addonmaster | 1 Bootstrap Shortcodes Ultimate | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akhtarujjaman Shuvo Bootstrap Shortcodes Ultimate allows Stored XSS.This issue affects Bootstrap Shortcodes Ultimate: from n/a through 4.3.1.
|
|||||
| CVE-2023-47850 | 1 Peepso | 1 Peepso | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Stored XSS.This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a through 6.2.2.0.
|
|||||
| CVE-2023-47848 | 1 Tainacan | 1 Tainacan | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Reflected XSS.This issue affects Tainacan: from n/a through 0.20.4.
|
|||||
| CVE-2023-47844 | 1 Neobie | 1 Grab \& Save | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lim Kai Yang Grab & Save allows Reflected XSS.This issue affects Grab & Save: from n/a through 1.0.4.
|
|||||
| CVE-2023-47839 | 1 Implecode | 1 Ecommerce Product Catalog | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.26 versions.
|
|||||
| CVE-2023-47835 | 1 Ari-soft | 1 Ari Stream Quiz | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder plugin <= 1.2.32 versions.
|
|||||
| CVE-2023-47834 | 1 Quizandsurveymaster | 1 Quiz And Survey Master | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master plugin <= 8.1.13 versions.
|
|||||
| CVE-2023-47833 | 1 Slimndap | 1 Theater For Wordpress | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress plugin <= 0.18.3 versions.
|
|||||
| CVE-2023-47831 | 1 Assortedchips | 1 Drawit | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in assorted[chips] DrawIt (draw.Io) plugin <= 1.1.3 versions.
|
|||||