Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-47653 | 1 Theweb-designs | 1 Twb Woocommerce | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abu Bakar TWB Woocommerce Reviews plugin <= 1.7.5 versions.
|
|||||
| CVE-2023-47646 | 1 Cedcommerce | 1 Recently Viewed And Most Viewed Products | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (Shop Manager+) Stored Cross-Site Scripting (XSS) vulnerability in CedCommerce Recently viewed and most viewed products plugin <= 1.1.1 versions.
|
|||||
| CVE-2023-47623 | 1 Clockworkmod | 1 Scrypted | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a URL with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login.
|
|||||
| CVE-2023-47620 | 1 Clockworkmod | 1 Scrypted | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the `owner` and `pkg` parameters. An attacker can run arbitrary JavaScript code.
|
|||||
| CVE-2023-47575 | 1 Relyum | 4 Rely-pcie, Rely-pcie Firmware, Rely-rec and 1 more | 2024-11-21 | N/A | 6.1 MEDIUM |
|
An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. The web interfaces of the Relyum devices are susceptible to reflected XSS.
|
|||||
| CVE-2023-47561 | 1 Qnap | 1 Photo Station | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
Photo Station 6.4.2 (2023/12/15) and later
|
|||||
| CVE-2023-47559 | 1 Qnap | 1 Qumagie | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.2.1 and later
|
|||||
| CVE-2023-47554 | 1 Denk | 1 Actueel Financieel Nieuws | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DenK BV Actueel Financieel Nieuws – Denk Internet Solutions plugin <= 5.1.0 versions.
|
|||||
| CVE-2023-47549 | 1 Spider-themes | 1 Eazydocs | 2024-11-21 | N/A | 6.8 MEDIUM |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability on 302 response page in spider-themes EazyDocs plugin <= 2.3.3 versions.
|
|||||
| CVE-2023-47547 | 1 Wpfactory | 1 Products, Order & Customers Export For Woocommerce | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory Products, Order & Customers Export for WooCommerce plugin <= 2.0.7 versions.
|
|||||
| CVE-2023-47546 | 1 Walterpinem | 1 Oneclick Chat To Order | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Walter Pinem OneClick Chat to Order plugin <= 1.0.4.2 versions.
|
|||||
| CVE-2023-47545 | 1 Fatcatapps | 1 Forms For Mailchimp By Optin Cat | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin <= 2.5.4 versions.
|
|||||
| CVE-2023-47533 | 1 Wpdevart | 1 Countdown And Countup, Woocommerce Sales Timer | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Countdown and CountUp, WooCommerce Sales Timer plugin <= 1.8.2 versions.
|
|||||
| CVE-2023-47532 | 1 Themeum | 1 Wp Crowdfunding | 2024-11-21 | N/A | 5.8 MEDIUM |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themeum WP Crowdfunding plugin <= 2.1.6 versions.
|
|||||
| CVE-2023-47528 | 1 Sajjad67 | 1 Wp Edit Username | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sajjad Hossain Sagor WP Edit Username plugin <= 1.0.5 versions.
|
|||||
| CVE-2023-47527 | 1 Sajjadhsagor | 1 Wp Edit Username | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sajjad Hossain Sagor WP Edit Username allows Stored XSS. This issue affects WP Edit Username: from n/a through 1.0.5.
|
|||||
| CVE-2023-47526 | 1 Ays-pro | 1 Chartify | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chart Builder Team Chartify – WordPress Chart Plugin allows Stored XSS. This issue affects Chartify – WordPress Chart Plugin: from n/a through 2.0.6.
|
|||||
| CVE-2023-47525 | 1 Awplife | 1 Event Monster | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Event Monster – Event Management, Tickets Booking, Upcoming Event allows Stored XSS. This issue affects Event Monster – Event Management, Tickets Booking, Upcoming Event: from n/a through 1.3.2.
|
|||||
| CVE-2023-47524 | 1 Codebard | 1 Patron Button And Widgets For Patreon | 2024-11-21 | N/A | 5.8 MEDIUM |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability (requires PHP 8.x) in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.9 versions.
|
|||||
| CVE-2023-47522 | 1 Photofeed | 1 Photo Feed | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Feed plugin <= 2.2.1 versions.
|
|||||
| CVE-2023-47521 | 1 Q2w3 | 1 Q2w3 Post Order | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond, AndreSC Q2W3 Post Order allows Reflected XSS. This issue affects Q2W3 Post Order: from n/a through 1.2.8.
|
|||||
| CVE-2023-47520 | 1 Michaeluno | 1 Responsive Column Widgets | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Uno (miunosoft) Responsive Column Widgets plugin <= 1.2.7 versions.
|
|||||
| CVE-2023-47518 | 1 Vfbpro | 1 Restrict Categories | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Matthew Muro Restrict Categories plugin <= 2.6.4 versions.
|
|||||
| CVE-2023-47517 | 1 Pressified | 1 Sendpress | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <= 1.23.11.6 versions.
|
|||||
| CVE-2023-47514 | 1 Star-emea | 1 Star Cloudprnt For Woocommerce | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in lawrenceowen, gcubero, acunnningham, fmahmood Star CloudPRNT for WooCommerce plugin <= 2.0.3 versions.
|
|||||
| CVE-2023-47511 | 1 So-wp | 1 Pinyin Slugs | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SO WP Pinyin Slugs plugin <= 2.3.0 versions.
|
|||||
| CVE-2023-47510 | 1 Wpsolutions-hq | 1 Wpdbspringclean | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPSolutions-HQ WPDBSpringClean plugin <= 1.6 versions.
|
|||||
| CVE-2023-47509 | 1 Ioannup | 1 Edit Woocommerce Templates | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ioannup Edit WooCommerce Templates plugin <= 1.1.1 versions.
|
|||||
| CVE-2023-47508 | 1 Averta | 1 Master Slider | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Averta Master Slider Pro plugin <= 3.6.5 versions.
|
|||||
| CVE-2023-47505 | 1 Elementor | 1 Website Builder | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor.Com Elementor allows Cross-Site Scripting (XSS). This issue affects Elementor: from n/a through 3.16.4.
|
|||||
| CVE-2023-47446 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page via fullname parameter.
|
|||||
| CVE-2023-47437 | 1 Pachno | 1 Pachno | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious JavaScript.
|
|||||
| CVE-2023-47417 | 1 Paulrouget | 1 Dzslides | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in the component /shells/embedder.html of DZSlides after v2011.07.25 allows attackers to execute arbitrary code via a crafted payload.
|
|||||
| CVE-2023-47380 | 1 Admidio | 1 Admidio | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS).
|
|||||
| CVE-2023-47379 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.
|
|||||
| CVE-2023-47324 | 1 Silverpeas | 1 Silverpeas | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature.
|
|||||
| CVE-2023-47314 | 1 H-mdm | 1 Headwind Mdm | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting (XSS). The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files with the victims. As the file download function returns the file in inline mode, the victim’s browser will immediately render the content of the HTML file as a web page. As a result, the uploaded client-side code will be evaluated and executed ...
|
|||||
| CVE-2023-47309 | 1 Nukium | 1 Gls | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Nukium nkmgls before version 3.0.2 is vulnerable to Cross Site Scripting (XSS) via NkmGlsCheckoutModuleFrontController::displayAjaxSavePhoneMobile.
|
|||||
| CVE-2023-47272 | 3 Debian, Fedoraproject, Roundcube | 3 Debian Linux, Fedora, Webmail | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).
|
|||||
| CVE-2023-47260 | 1 Redmine | 1 Redmine | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.
|
|||||