Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41731 | 1 I13websolution | 1 Wordpress Publish Post Email Notification | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress publish post email notification plugin <= 1.0.2.2 versions.
|
|||||
| CVE-2023-41729 | 1 Pressified | 1 Sendpress | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions.
|
|||||
| CVE-2023-41728 | 1 Rescuethemes | 1 Rescue Shortcodes | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS.This issue affects Rescue Shortcodes: from n/a through 2.5.
|
|||||
| CVE-2023-41692 | 1 Hennessey | 1 Attorney | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hennessey Digital Attorney theme <= 3 theme.
|
|||||
| CVE-2023-41691 | 1 Pensopay | 1 Woocommerce Pensopay | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay WooCommerce PensoPay plugin <= 6.3.1 versions.
|
|||||
| CVE-2023-41687 | 1 Goods Catalog Project | 1 Goods Catalog | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Irina Sokolovskaya Goods Catalog plugin <= 2.4.1 versions.
|
|||||
| CVE-2023-41666 | 1 Stockdio | 1 Stock Quotes List | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Stockdio Stock Quotes List plugin <= 2.9.9 versions.
|
|||||
| CVE-2023-41663 | 1 Undolog | 1 Wp Bannerize Pro | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Giovambattista Fazioli WP Bannerize Pro plugin <= 1.6.9 versions.
|
|||||
| CVE-2023-41662 | 1 Ulfbenjaminsson | 1 Wp-dtree | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions.
|
|||||
| CVE-2023-41661 | 1 Smarty | 1 Smarty | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions.
|
|||||
| CVE-2023-41658 | 1 I13websolution | 1 Web Solution Photo Gallery Slideshow \& Masonry Tiled Gallery | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery plugin <= 1.0.13 versions.
|
|||||
| CVE-2023-41657 | 1 Groundhogg | 1 Hollerbox | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. HollerBox plugin <= 2.3.2 versions.
|
|||||
| CVE-2023-41655 | 1 Andreas.heigl | 1 Authldap | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andreas Heigl authLdap plugin <= 2.5.9 versions.
|
|||||
| CVE-2023-41653 | 1 Bearthemes | 1 Sermon\'e - Sermons Online | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Beplus Sermon'e – Sermons Online plugin <= 1.0.0 versions.
|
|||||
| CVE-2023-41642 | 1 Grupposcai | 1 Realgimm | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.
|
|||||
| CVE-2023-41621 | 1 Emlog | 1 Emlog | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php.
|
|||||
| CVE-2023-41618 | 1 Emlog | 1 Emlog | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft.
|
|||||
| CVE-2023-41616 | 1 Student Management System Project | 1 Student Management System | 2024-11-21 | N/A | 4.8 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability in the Search Student function of Student Management System v1.2.3 and before allows attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload.
|
|||||
| CVE-2023-41614 | 1 Phpgurukul | 1 Zoo Management System | 2024-11-21 | N/A | 4.8 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description of Animal parameter.
|
|||||
| CVE-2023-41601 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters.
|
|||||
| CVE-2023-41597 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t.
|
|||||
| CVE-2023-41593 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1 allow attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters.
|
|||||
| CVE-2023-41592 | 1 Froala | 1 Froala Editor | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability.
|
|||||
| CVE-2023-41588 | 1 Appfire | 1 Time To Sla | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Time to SLA plugin v10.13.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the durationFormat parameter.
|
|||||
| CVE-2023-41575 | 1 Phpgurukul | 1 Blood Bank \& Donor Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters.
|
|||||
| CVE-2023-41538 | 1 Phpjabbers | 1 Php Forum Script | 2024-11-21 | N/A | 6.1 MEDIUM |
|
phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.
|
|||||
| CVE-2023-41453 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component.
|
|||||
| CVE-2023-41451 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.
|
|||||
| CVE-2023-41448 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component.
|
|||||
| CVE-2023-41447 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component.
|
|||||
| CVE-2023-41446 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component.
|
|||||
| CVE-2023-41445 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component.
|
|||||
| CVE-2023-41436 | 1 Cskaza | 1 Cszcms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component.
|
|||||
| CVE-2023-41423 | 1 Terryl | 1 Wp Githuber Md | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 allows a remote attacker to execute arbitrary code via a crafted payload to the new article function.
|
|||||
| CVE-2023-41343 | 1 Ragic | 1 Enterprise Cloud Database | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack.
|
|||||
| CVE-2023-41318 | 1 Turt2live | 1 Matrix-media-repo | 2024-11-21 | N/A | 4.1 MEDIUM |
|
matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with `Content-Disposition: inline` upon download. This vulnerability could be leveraged to execute scripts embedded in SVG content. Commits `77ec235` and `bf8abdd` fix the issue and are included in the 1.3.0 release. Operators should upgrade to v1.3.0 as soon as possible. Oper ...
Show More |
|||||
| CVE-2023-41316 | 1 Tolgee | 1 Tolgee | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Tolgee is an open-source localization platform. Due to lack of validation field - Org Name, bad actor can send emails with HTML injected code to the victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitation emails which appear as legitimate org invitations. Bad actors may direct users to malicious website or execute javascript in the context of the users browser. This vulnerability has been addressed in ...
Show More |
|||||
| CVE-2023-41250 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 3.5 LOW |
|
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration
|
|||||
| CVE-2023-41249 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.6 MEDIUM |
|
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step
|
|||||
| CVE-2023-41248 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.6 MEDIUM |
|
In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration
|
|||||