Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-42253 | 1 Vehicle Management Project | 1 Vehicle Management | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Code-Projects Vehicle Management 1.0 is vulnerable to Cross Site Scripting (XSS) in Add Accounts via Invoice No, To, and Mammul.
|
|||||
| CVE-2023-42029 | 4 Hp, Ibm, Linux and 1 more | 6 Hp-ux, Aix, Cics Tx and 3 more | 2024-11-21 | N/A | 4.8 MEDIUM |
|
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059.
|
|||||
| CVE-2023-42022 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265938.
|
|||||
| CVE-2023-42015 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512.
|
|||||
| CVE-2023-42014 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265511.
|
|||||
| CVE-2023-42009 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504.
|
|||||
| CVE-2023-41949 | 1 Avirtum | 1 Ifolders | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Avirtum iFolders plugin <= 1.5.0 versions.
|
|||||
| CVE-2023-41948 | 1 Christophrado | 1 Cookie Notice \& Consent | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christoph Rado Cookie Notice & Consent plugin <= 1.6.0 versions.
|
|||||
| CVE-2023-41944 | 1 Jenkins | 1 Aws Codecommit Trigger | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability.
|
|||||
| CVE-2023-41940 | 1 Jenkins | 1 Tap | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents.
|
|||||
| CVE-2023-41931 | 1 Jenkins | 1 Job Configuration History | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability.
|
|||||
| CVE-2023-41922 | 1 Kiloview | 4 P1, P1 Firmware, P2 and 1 more | 2024-11-21 | N/A | 7.2 HIGH |
|
A 'Cross-site Scripting' (XSS) vulnerability, characterized by improper input neutralization during web page generation, has been discovered. This vulnerability allows for Stored XSS attacks to occur. Multiple areas within the administration interface of the webserver lack adequate input validation, resulting in multiple instances of Stored XSS vulnerabilities.
|
|||||
| CVE-2023-41905 | 1 Netscout | 1 Ngeniusone | 2024-11-21 | N/A | 5.4 MEDIUM |
|
NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting (XSS) vulnerability by an authenticated user.
|
|||||
| CVE-2023-41895 | 1 Home-assistant | 1 Home-assistant | 2024-11-21 | N/A | 8.8 HIGH |
|
Home assistant is an open source home automation. The Home Assistant login page allows users to use their local Home Assistant credentials and log in to another website that specifies the `redirect_uri` and `client_id` parameters. Although the `redirect_uri` validation typically ensures that it matches the `client_id` and the scheme represents either `http` or `https`, Home Assistant will fetch the `client_id` and check for `<link rel="redirect_uri" href="...">` HTML tags on the page. These URLs ...
Show More |
|||||
| CVE-2023-41874 | 1 Tychesoftwares | 1 Order Delivery Date For Woocommerce | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce plugin <= 3.20.0 versions.
|
|||||
| CVE-2023-41872 | 1 Xtemos | 1 Woodmart | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos WoodMart plugin <= 7.2.4 versions.
|
|||||
| CVE-2023-41871 | 1 Ays-pro | 1 Poll Maker | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Poll Maker Team Poll Maker plugin <= 4.7.0 versions.
|
|||||
| CVE-2023-41868 | 1 Codestag | 1 Stagtools | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ram Ratan Maurya, Codestag StagTools plugin <= 2.3.7 versions.
|
|||||
| CVE-2023-41867 | 1 Acymailing | 1 Acymailing | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMailing Newsletter Team AcyMailing plugin <= 8.6.2 versions.
|
|||||
| CVE-2023-41863 | 1 Peprodev | 1 Peprodev Cf7 Database | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Pepro Dev. Group PeproDev CF7 Database plugin <= 1.7.0 versions.
|
|||||
| CVE-2023-41861 | 1 Tickera | 1 Restrict | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Restrict plugin <= 2.2.4 versions.
|
|||||
| CVE-2023-41860 | 1 Travelmap | 1 Travelmap | 2024-11-21 | N/A | 5.8 MEDIUM |
|
Unauth. Cross-Site Scripting (XSS) vulnerability in TravelMap plugin <= 1.0.1 versions.
|
|||||
| CVE-2023-41859 | 1 Tychesoftwares | 1 Order Delivery Date For Wp E-commerce | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions.
|
|||||
| CVE-2023-41856 | 1 Clicktotweet | 1 Click To Tweet | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickToTweet.Com Click To Tweet plugin <= 2.0.14 versions.
|
|||||
| CVE-2023-41855 | 1 Regpacks | 1 Regpack | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Regpacks Regpack plugin <= 0.1 versions.
|
|||||
| CVE-2023-41847 | 1 Wensolutions | 1 Notice Bar | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WEN Solutions Notice Bar plugin <= 3.1.0 versions.
|
|||||
| CVE-2023-41815 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 7.5 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Malicious code could be executed in the File Manager section. This issue affects Pandora FMS: from 700 through 774.
|
|||||
| CVE-2023-41814 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 3.7 LOW |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This issue affects Pandora FMS: from 700 through 774.
|
|||||
| CVE-2023-41813 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 3.0 LOW |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Allows you to edit the Web Console user notification options. This issue affects Pandora FMS: from 700 through 774.
|
|||||
| CVE-2023-41811 | 1 Artica | 1 Pandora Fms | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the news section of the web console. This issue affects Pandora FMS: from 700 through 773.
|
|||||
| CVE-2023-41810 | 1 Artica | 1 Pandora Fms | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in some Widgets' text box. This issue affects Pandora FMS: from 700 through 773.
|
|||||
| CVE-2023-41800 | 1 Uniconsent | 1 Cmp For Gdpr Cpra Gpp Tcf | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in UniConsent UniConsent CMP for GDPR CPRA GPP TCF plugin <= 1.4.2 versions.
|
|||||
| CVE-2023-41797 | 1 Goldplugins | 1 Locations | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gold Plugins Locations plugin <= 4.0 versions.
|
|||||
| CVE-2023-41791 | 1 Artica | 1 Pandora Fms | 2024-11-21 | N/A | 8.4 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed users with low privileges to introduce Javascript executables via a translation string that could affect the integrity of some configuration files. This issue affects Pandora FMS: from 700 through 773.
|
|||||
| CVE-2023-41789 | 1 Artica | 1 Pandora Fms | 2024-11-21 | N/A | 7.6 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allows an attacker to perform cookie hijacking and log in as that user without the need for credentials. This issue affects Pandora FMS: from 700 through 773.
|
|||||
| CVE-2023-41781 | 1 Zte | 2 Mf258, Mf258 Firmware | 2024-11-21 | N/A | 5.7 MEDIUM |
|
There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered.
|
|||||
| CVE-2023-41737 | 1 Wpgens | 1 Swifty Bar | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGens Swifty Bar, sticky bar by WPGens plugin <= 1.2.10 versions.
|
|||||
| CVE-2023-41736 | 1 Gopiplus | 1 Email Posts To Subscribers | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Email posts to subscribers plugin <= 6.2 versions.
|
|||||
| CVE-2023-41734 | 1 Nigauri | 1 Insert Estimated Reading Time | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nigauri Insert Estimated Reading Time plugin <= 1.2 versions.
|
|||||
| CVE-2023-41733 | 1 Yydevelopment | 1 Back To The Top Button | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in YYDevelopment Back To The Top Button plugin <= 2.1.5 versions.
|
|||||