Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-47259 | 1 Redmine | 1 Redmine | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter.
|
|||||
| CVE-2023-47258 | 1 Redmine | 1 Redmine | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter.
|
|||||
| CVE-2023-47245 | 1 Marcomilesi | 1 Anac Xml Viewer | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi ANAC XML Viewer plugin <= 1.7 versions.
|
|||||
| CVE-2023-47242 | 1 Marcomilesi | 1 Anac Xml Bandi Di Gara | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi ANAC XML Bandi di Gara plugin <= 7.5 versions.
|
|||||
| CVE-2023-47239 | 1 Wpplugin | 1 Easy Paypal Shopping Cart | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Scott Paterson Easy PayPal Shopping Cart plugin <= 1.1.10 versions.
|
|||||
| CVE-2023-47231 | 1 Bainternet | 1 Shortcodes Ui | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions.
|
|||||
| CVE-2023-47229 | 1 Vyasdipen | 1 Top 25 Social Icons | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vyas Dipen Top 25 Social Icons plugin <= 3.1 versions.
|
|||||
| CVE-2023-47228 | 1 Web-settler | 1 Layer Slider | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions.
|
|||||
| CVE-2023-47227 | 1 Web-settler | 1 Social Feed \| All Social Media In One Place | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Social Feed | All social media in one place plugin <= 1.5.4.6 versions.
|
|||||
| CVE-2023-47226 | 1 I13websolution | 1 Post Sliders \& Post Grids | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Post Sliders & Post Grids plugin <= 1.0.20 versions.
|
|||||
| CVE-2023-47215 | 1 Weseek | 1 Growi | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting vulnerability that exploits a behavior of the XSS Filter exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
|
|||||
| CVE-2023-47190 | 1 Apollo13themes | 1 Apollo13 Framework Extensions | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Apollo13Themes Apollo13 Framework Extensions plugin <= 1.9.0 versions.
|
|||||
| CVE-2023-47185 | 1 Gvectors | 1 Wpdiscuz | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.11 versions.
|
|||||
| CVE-2023-47184 | 1 Properfraction | 1 Admin Bar \& Dashboard Access Control | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Proper Fraction LLC. Admin Bar & Dashboard Access Control plugin <= 1.2.8 versions.
|
|||||
| CVE-2023-47181 | 1 Northernbeacheswebsites | 1 Ideapush | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Gibson IdeaPush plugin <= 8.52 versions.
|
|||||
| CVE-2023-47177 | 1 Pojo | 1 Linker | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yakir Sitbon, Ariel Klikstein Linker plugin <= 1.2.1 versions.
|
|||||
| CVE-2023-47175 | 1 Luxsoft | 1 Luxcal Web Calendar | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the product.
|
|||||
| CVE-2023-47164 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.
|
|||||
| CVE-2023-47162 | 1 Ibm | 1 Sterling Secure Proxy | 2024-11-21 | N/A | 6.1 MEDIUM |
|
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270973.
|
|||||
| CVE-2023-47144 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-11-21 | N/A | 6.1 MEDIUM |
|
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270271.
|
|||||
| CVE-2023-47125 | 1 Typo3 | 2 Html Sanitizer, Typo3 | 2024-11-21 | N/A | 4.7 MEDIUM |
|
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versions 1.5.3 and 2.1.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2023-47119 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
|
|||||
| CVE-2023-47115 | 1 Humansignal | 1 Label Studio | 2024-11-21 | N/A | 7.1 HIGH |
|
Label Studio is a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as an HTML file on the website. Executing arbitrary JavaScript could result in an attacker performing malicious actions on Label Studio users if they visit the crafted avatar image. For example, an attacker can craft a JavaScript payload that adds a ...
|
|||||
| CVE-2023-47114 | 1 Ethyca | 1 Fides | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. The Fides web application allows data subject users to request access to their personal data. If the request is approved by the data controller user operating the Fides web application, the data subject's personal data can then be retrieved from connected systems and data stores before being bundled together ...
|
|||||
| CVE-2023-47099 | 1 Virtualmin | 1 Virtualmin | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability in the Create Virtual Server in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via Description field while creating the Virtual server.
|
|||||
| CVE-2023-47098 | 1 Virtualmin | 1 Virtualmin | 2024-11-21 | N/A | 4.8 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability in the Manage Extra Admins under Administration Options in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the real name or description field.
|
|||||
| CVE-2023-47097 | 1 Virtualmin | 1 Virtualmin | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates.
|
|||||
| CVE-2023-47096 | 1 Virtualmin | 1 Virtualmin | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Reflected Cross-Site Scripting (XSS) vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field.
|
|||||
| CVE-2023-47095 | 1 Virtualmin | 1 Virtualmin | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server.
|
|||||
| CVE-2023-47094 | 1 Virtualmin | 1 Virtualmin | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability in the Account Plans tab of System Settings in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Plan name field while editing Account plan details.
|
|||||
| CVE-2023-46998 | 1 Bootboxjs | 1 Bootbox | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions.
|
|||||
| CVE-2023-46974 | 1 Mayurik | 1 Courier Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL.
|
|||||
| CVE-2023-46964 | 1 Hillstonenet | 2 Sc-6000-e3960, Sc-6000-e3960 Firmware | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 allows a remote attacker to execute arbitrary code via the use of front-end filtering instead of back-end filtering.
|
|||||
| CVE-2023-46935 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
eyoucms v1.6.4 is vulnerable to Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users.
|
|||||
| CVE-2023-46925 | 1 Reportico | 1 Reportico | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS).
|
|||||
| CVE-2023-46911 | 1 Jspxcms | 1 Jspxcms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
There is a Cross Site Scripting (XSS) vulnerability in the choose_style_tree.do interface of Jspxcms v10.2.0 backend.
|
|||||
| CVE-2023-46858 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."
|
|||||
| CVE-2023-46857 | 1 Squidex.io | 1 Squidex | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for exploitation.
|
|||||
| CVE-2023-46854 | 1 Proxmox | 1 Proxmox-widget-toolkit | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via the edit notes feature.
|
|||||
| CVE-2023-46824 | 1 Omaksolutions | 1 Slick Popup | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Om Ak Solutions Slick Popup: Contact Form 7 Popup Plugin plugin <= 1.7.14 versions.
|
|||||