Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43710 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "configuration_title[1][MODULE_SHIPPING_PERCENT_TEXT_TITLE]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
|
|||||
| CVE-2023-43709 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE)" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
|
|||||
| CVE-2023-43708 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
|
|||||
| CVE-2023-43707 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "CatalogsPageDescriptionForm[1][name]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
|
|||||
| CVE-2023-43706 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "email_templates_key" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
|
|||||
| CVE-2023-43705 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "translation_value[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
|
|||||
| CVE-2023-43704 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "title" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
|
|||||
| CVE-2023-43703 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "product_info[][name]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
|
|||||
| CVE-2023-43702 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "tracking_number" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
|
|||||
| CVE-2023-43701 | 1 Apache | 1 Superset | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Improper payload validation and an improper REST API response type made it possible for an authenticated malicious actor to store malicious code in a Chart's metadata; this code could be executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache Superset versions prior to 2.1.2.
Users are recommended to upgrade to version 2.1.2, which fixes this issue.
|
|||||
| CVE-2023-43698 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation (’Cross-site Scripting’) in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the client's browser via injecting code into the website.
|
|||||
| CVE-2023-43659 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 8.0 HIGH |
|
Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites with CSP disabled. This issue has been patched in the 3.1.1 stable release as well as the 3.2.0.beta1 release. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum.
|
|||||
| CVE-2023-43658 | 1 Discourse | 1 Discourse Calendar | 2024-11-21 | N/A | 8.0 HIGH |
|
discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Improper escaping of event titles could lead to Cross-site Scripting (XSS) within the 'email preview' UI when a site has CSP disabled. Having CSP disabled is a non-default configuration, so the vast majority of sites are unaffected. This problem is resolved in the latest version of the discourse-calendar plugin. Users are advised to upgrade. Users u ...
|
|||||
| CVE-2023-43657 | 1 Discourse | 1 Discourse-encrypt | 2024-11-21 | N/A | 7.2 HIGH |
|
discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting (XSS) issue when a site has content security policy (CSP) headers disabled. Having CSP disabled is a non-default configuration, and having it disabled with discourse-encrypt installed will result in a warning in the Discourse admin dashboard. This has been fixed in commit `9c75810af9` which is included in the latest version ...
|
|||||
| CVE-2023-43647 | 1 Basercms | 1 Basercms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue.
|
|||||
| CVE-2023-43643 | 1 Antisamy Project | 1 Antisamy | 2024-11-21 | N/A | 6.1 MEDIUM |
|
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpret ...
|
|||||
| CVE-2023-43566 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 3.5 LOW |
|
In JetBrains TeamCity before 2023.05.4, stored XSS was possible during nodes configuration.
|
|||||
| CVE-2023-43509 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | N/A | 5.8 MEDIUM |
|
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send notifications to computers that are running ClearPass OnGuard. These notifications can then be used to phish users or trick them into downloading malicious software.
|
|||||
| CVE-2023-43499 | 1 Jenkins | 1 Build Failure Analyzer | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes.
|
|||||
| CVE-2023-43495 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter.
|
|||||
| CVE-2023-43458 | 1 Resort Reservation System Project | 1 Resort Reservation System | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in Resort Reservation System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the room, name, and description parameters in the manage_room function.
|
|||||
| CVE-2023-43456 | 1 Oretnom23 | 1 Service Provider Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint.
|
|||||
| CVE-2023-43377 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.
|
|||||
| CVE-2023-43376 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.
|
|||||
| CVE-2023-43360 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.
|
|||||
| CVE-2023-43359 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.
|
|||||
| CVE-2023-43358 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.
|
|||||
| CVE-2023-43357 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.
|
|||||
| CVE-2023-43356 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Metadata parameter in the Global Settings Menu component.
|
|||||
| CVE-2023-43355 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.
|
|||||
| CVE-2023-43354 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions - MicroTiny WYSIWYG editor component.
|
|||||
| CVE-2023-43353 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.
|
|||||
| CVE-2023-43346 | 1 Opensolution | 1 Quick Cms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component.
|
|||||
| CVE-2023-43345 | 1 Opensolution | 1 Quick Cms | 2024-11-21 | N/A | 8.6 HIGH |
|
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Content - Name parameter in the Pages Menu component.
|
|||||
| CVE-2023-43344 | 1 Opensolution | 1 Quick Cms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Menu component.
|
|||||
| CVE-2023-43343 | 1 Opensolution | 1 Quick Cms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component.
|
|||||
| CVE-2023-43342 | 1 Opensolution | 1 Quick Cms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component.
|
|||||
| CVE-2023-43341 | 1 Evo | 1 Evolution Cms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the uid parameter.
|
|||||
| CVE-2023-43340 | 1 Evo | 1 Evolution Cms | 2024-11-21 | N/A | 5.2 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters.
|
|||||
| CVE-2023-43339 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components.
|
|||||