Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41242 | 1 Creativehassan | 1 Snap Pixel | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hassan Ali Snap Pixel plugin <= 1.5.7 versions.
|
|||||
| CVE-2023-41241 | 1 Surecart | 1 Surecart | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SureCart WordPress Ecommerce For Creating Fast Online Stores plugin <= 2.5.0 versions.
|
|||||
| CVE-2023-41238 | 1 Ultimatelysocial | 1 Social Media Share Buttons \& Social Sharing Icons | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in UltimatelySocial Social Media Share Buttons & Social Sharing Icons plugin <= 2.8.3 versions.
|
|||||
| CVE-2023-41237 | 1 Everestthemes | 1 Arya Multipurpose Theme | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Arya Multipurpose Pro theme <= 1.0.8 versions.
|
|||||
| CVE-2023-41236 | 1 Wedevs | 1 Happy Addons For Elementor | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Happy addons Happy Elementor Addons Pro plugin <= 2.8.0 versions.
|
|||||
| CVE-2023-41235 | 1 Everestthemes | 1 Everest News | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Everest News Pro theme <= 1.1.7 versions.
|
|||||
| CVE-2023-41172 | 1 Netscout | 1 Ngeniusone | 2024-11-21 | N/A | 5.4 MEDIUM |
|
NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 4 of 4).
|
|||||
| CVE-2023-41171 | 1 Netscout | 1 Ngeniusone | 2024-11-21 | N/A | 5.4 MEDIUM |
|
NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4).
|
|||||
| CVE-2023-41170 | 1 Netscout | 1 Ngeniusone | 2024-11-21 | N/A | 6.1 MEDIUM |
|
NetScout nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting vulnerability.
|
|||||
| CVE-2023-41169 | 1 Netscout | 1 Ngeniusone | 2024-11-21 | N/A | 5.4 MEDIUM |
|
NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 2 of 4).
|
|||||
| CVE-2023-41168 | 1 Netscout | 1 Ngeniusone | 2024-11-21 | N/A | 5.4 MEDIUM |
|
NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 1 of 4).
|
|||||
| CVE-2023-41167 | 1 Webiny | 1 Webiny | 2024-11-21 | N/A | 4.8 MEDIUM |
|
@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the editor.js rich text editor to handle rich text content. The CMS stores rich text content from the editor.js into the database. When the @webiny/react-rich-text-renderer is used to render such content, it ...
Show More |
|||||
| CVE-2023-41163 | 1 Webmin | 1 Webmin | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down.
|
|||||
| CVE-2023-41162 | 1 Webmin | 1 Usermin | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching under the tools drop down.
|
|||||
| CVE-2023-41161 | 1 Webmin | 1 Usermin | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key details, Export key, sign key, send to key server page, and fetch from key server page tab.
|
|||||
| CVE-2023-41160 | 1 Webmin | 1 Usermin | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key.
|
|||||
| CVE-2023-41159 | 1 Webmin | 1 Usermin | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML by editing the forward file manually.
|
|||||
| CVE-2023-41158 | 1 Webmin | 1 Usermin | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the description field while creating a new MIME type program.
|
|||||
| CVE-2023-41157 | 1 Webmin | 1 Usermin | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to manage the folder tab, filter tab, and forward mail tab.
|
|||||
| CVE-2023-41156 | 1 Webmin | 1 Usermin | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter.
|
|||||
| CVE-2023-41155 | 1 Webmin | 2 Usermin, Webmin | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.
|
|||||
| CVE-2023-41154 | 1 Webmin | 1 Usermin | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter while creating a new environment variable.
|
|||||
| CVE-2023-41153 | 1 Webmin | 1 Usermin | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options.
|
|||||
| CVE-2023-41152 | 1 Webmin | 1 Usermin | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the handle program field while creating a new MIME type program.
|
|||||
| CVE-2023-41150 | 1 F-revocrm | 1 F-revocrm | 2024-11-21 | N/A | 5.4 MEDIUM |
|
F-RevoCRM 7.3 series prior to version7.3.8 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product.
|
|||||
| CVE-2023-41136 | 1 Ohmybox | 1 Simple Long Form | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laurence/OhMyBox.Info Simple Long Form allows Stored XSS.This issue affects Simple Long Form: from n/a through 2.2.2.
|
|||||
| CVE-2023-41128 | 1 Iqonic | 1 Wp Roadmap | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iqonic Design WP Roadmap – Product Feedback Board allows Stored XSS.This issue affects WP Roadmap – Product Feedback Board: from n/a through 1.0.8.
|
|||||
| CVE-2023-41127 | 1 Evergreencontentposter | 1 Evergreen Content Poster | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Evergreen Content Poster Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media allows Stored XSS.This issue affects Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media: from n/a through 1.3.6.1.
|
|||||
| CVE-2023-41107 | 1 Tef | 1 Tef Portal | 2024-11-21 | N/A | 5.4 MEDIUM |
|
TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting (XSS)attack.
|
|||||
| CVE-2023-41098 | 1 Misp | 1 Misp | 2024-11-21 | N/A | 6.1 MEDIUM |
|
An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit.
|
|||||
| CVE-2023-41049 | 1 Decentraland | 1 Single Sign On Client | 2024-11-21 | N/A | 7.5 HIGH |
|
@dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the `init` function allows arbitrary javascript to be executed using the `javascript:` prefix. This vulnerability has been patched on version `0.1.0`. Users are advised to upgrade. Users unable to upgrade should limit untrusted user input to the `init` function.
|
|||||
| CVE-2023-41048 | 1 Plone | 2 Namedfile, Plone | 2024-11-21 | N/A | 3.7 LOW |
|
plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an SVG image as source is not vulnerable ...
Show More |
|||||
| CVE-2023-41013 | 1 Icewarp | 1 Icewarp | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
|
|||||
| CVE-2023-40986 | 1 Webmin | 1 Webmin | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.
|
|||||
| CVE-2023-40985 | 1 Webmin | 1 Webmin | 2024-11-21 | N/A | 5.4 MEDIUM |
|
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.
|
|||||
| CVE-2023-40984 | 1 Webmin | 1 Webmin | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.
|
|||||
| CVE-2023-40983 | 1 Webmin | 1 Webmin | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.
|
|||||
| CVE-2023-40982 | 1 Webmin | 1 Webmin | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.
|
|||||
| CVE-2023-40932 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.
|
|||||
| CVE-2023-40877 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter.
|
|||||