Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44393 | 1 Piwigo | 1 Piwigo | 2024-11-21 | N/A | 9.3 CRITICAL |
|
Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the `/admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page. This vulnerability can be exploited by an attacker to inject malicious HTML and JS code into the HTML page, which could then be executed by admin users when they visit the URL with the payload. The vulnerability is caused by the insecure injection of the `plugin_id` value from the ...
|
|||||
| CVE-2023-44390 | 1 Htmlsanitizer Project | 1 Htmlsanitizer | 2024-11-21 | N/A | 6.1 MEDIUM |
|
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either `svg` or `math` are in the list of allowed elements. In the case an application sanitizes user input with a vulnerable configuration, an attacker could bypass the sanitization and inject arbitrary HTML, including JavaScript code. Note that in the default configuration the vulnerability is n ...
|
|||||
| CVE-2023-44389 | 1 Zope | 1 Zope | 2024-11-21 | N/A | 3.1 LOW |
|
Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6.
|
|||||
| CVE-2023-44383 | 1 Octobercms | 1 October | 2024-11-21 | N/A | 5.4 MEDIUM |
|
October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This issue has been patched in version 3.5.2.
|
|||||
| CVE-2023-44352 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
|
|||||
| CVE-2023-44315 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | N/A | 4.7 MEDIUM |
|
A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting (XSS) attack that may lead to unintentional modification of application data by legitimate users.
|
|||||
| CVE-2023-44311 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | N/A | 9.6 CRITICAL |
|
Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter. This issue is caused by an incomplete fix in CVE-2023-33941.
|
|||||
| CVE-2023-44310 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | N/A | 9.0 CRITICAL |
|
Stored cross-site scripting (XSS) vulnerability in the Page Tree menu in Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a page's "Name" text field.
|
|||||
| CVE-2023-44309 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | N/A | 9.0 CRITICAL |
|
Multiple stored cross-site scripting (XSS) vulnerabilities in the fragment components in Liferay Portal 7.4.2 through 7.4.3.53, and Liferay DXP 7.4 before update 54 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into any non-HTML field of a linked source asset.
|
|||||
| CVE-2023-44301 | 1 Dell | 2 Powerprotect Data Manager Dm5500, Powerprotect Data Manager Dm5500 Firmware | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Dell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scripting Vulnerability. A network attacker with low privileges could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
|
|||||
| CVE-2023-44286 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a victim user's DOM environment in the browser. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
|
|||||
| CVE-2023-44276 | 1 Opnsense | 1 Opnsense | 2024-11-21 | N/A | 5.4 MEDIUM |
|
OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard.
|
|||||
| CVE-2023-44275 | 1 Opnsense | 1 Opnsense | 2024-11-21 | N/A | 5.4 MEDIUM |
|
OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard.
|
|||||
| CVE-2023-44272 | 1 Citadel | 1 Citadel | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user.
|
|||||
| CVE-2023-44266 | 1 Wpadminify | 1 Wp Adminify | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jewel Theme WP Adminify plugin <= 3.1.6 versions.
|
|||||
| CVE-2023-44265 | 1 Gopiplus | 1 Popup Contact Form | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <= 7.1 versions.
|
|||||
| CVE-2023-44264 | 1 Arrowplugins | 1 The Awesome Feed | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin <= 2.2.5 versions.
|
|||||
| CVE-2023-44263 | 1 Riyaz | 1 Social Metrics | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Riyaz Social Metrics plugin <= 2.2 versions.
|
|||||
| CVE-2023-44262 | 1 Renzojohnson | 1 Blocks | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Renzo Johnson Blocks plugin <= 1.6.41 versions.
|
|||||
| CVE-2023-44245 | 1 Leaptodigital | 1 Contact Form Website To Workflow Tool | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin <= 4.0.0 versions.
|
|||||
| CVE-2023-44244 | 1 Fooplugins | 1 Foogallery | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.44 versions.
|
|||||
| CVE-2023-44242 | 1 2joomla | 1 2j Slideshow | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team Slideshow, Image Slider by 2J plugin <= 1.3.54 versions.
|
|||||
| CVE-2023-44239 | 1 Walkswithme | 1 Social Share On Image Hover | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jobin Jose WWM Social Share On Image Hover plugin <= 2.2 versions.
|
|||||
| CVE-2023-44230 | 1 Gopiplus | 1 Popup Contact Form | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <= 7.1 versions.
|
|||||
| CVE-2023-44229 | 1 Gopiplus | 1 Tiny Carosel Horizontal Slider | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny Carousel Horizontal Slider plugin <= 8.1 versions.
|
|||||
| CVE-2023-44228 | 1 Gopiplus | 1 Onclick Show Popup | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Onclick show popup plugin <= 8.1 versions.
|
|||||
| CVE-2023-44207 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Stored cross-site scripting (XSS) vulnerability in protection plan name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
|
|||||
| CVE-2023-44174 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | N/A | 6.4 MEDIUM |
|
Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Stored Cross-Site Scripting vulnerability.
|
|||||
| CVE-2023-44173 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability.
|
|||||
| CVE-2023-44145 | 1 Jesweb | 1 Anchor Episodes Index (spotify For Podcasters) | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jesweb.Dev Anchor Episodes Index (Spotify for Podcasters) plugin <= 2.1.7 versions.
|
|||||
| CVE-2023-44144 | 1 Dreamfoxmedia | 1 Payment Gateway Per Product For Woocommerce | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox Payment gateway per Product for WooCommerce plugin <= 3.2.7 versions.
|
|||||
| CVE-2023-44143 | 1 Bamboo Mcr | 1 Bamboo Columns | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bamboo Mcr Bamboo Columns allows Stored XSS. This issue affects Bamboo Columns: from n/a through 1.6.1.
|
|||||
| CVE-2023-44089 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). It was possible to execute malicious JS code on Visual Consoles. This issue affects Pandora FMS: from 700 through 774.
|
|||||
| CVE-2023-44075 | 1 Small Crm Project | 1 Small Crm | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter.
|
|||||
| CVE-2023-44048 | 1 Oretnom23 | 1 Expense Tracker | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add category.
|
|||||
| CVE-2023-44043 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability in /install/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website title parameter.
|
|||||
| CVE-2023-44042 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter.
|
|||||
| CVE-2023-44012 | 1 Mojoportal | 1 Mojoportal | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component.
|
|||||
| CVE-2023-43952 | 1 Sscms Project | 1 Sscms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
SSCMS 7.2.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Material Management component.
|
|||||
| CVE-2023-43951 | 1 Sscms Project | 1 Sscms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Column Management component.
|
|||||