Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3474 | 1 Simplephpscripts | 1 Simple Blog | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability has been found in SimplePHPscripts Simple Blog 3.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-232753 was assigned to this vulnerability.
|
|||||
| CVE-2023-3469 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.
|
|||||
| CVE-2023-3466 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2024-11-21 | N/A | 8.3 HIGH |
|
Reflected Cross-Site Scripting (XSS)
|
|||||
| CVE-2023-3465 | 1 Simplephpscripts | 1 Classified Ads Script Php | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file user.php of the component HTTP POST Request Handler. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232711.
|
|||||
| CVE-2023-3464 | 1 Simplephpscripts | 1 Classified Ads Script Php | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been classified as problematic. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation of the argument p leads to cross site scripting. It is possible to launch the attack remotely. It is recommended to upgrade the affected component. VDB-232710 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-3445 | 1 Denkgroot | 1 Spina | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository spinacms/spina prior to 2.15.1.
|
|||||
| CVE-2023-3388 | 1 Beautiful-cookie-banner | 1 Beautiful Cookie Consent Banner | 2024-11-21 | N/A | 7.2 HIGH |
|
The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nsc_bar_content_href' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. A partial patch was made available in 2.10.1 and the issue was fully patched in 2.10.2.
|
|||||
| CVE-2023-3384 | 1 Redhat | 1 Quay | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is
not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to a public registry containing a script that can be executed via Cross-site scripting (XSS).
|
|||||
| CVE-2023-3382 | 1 Game Result Matrix System Project | 1 Game Result Matrix System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, has been found in SourceCodester Game Result Matrix System 1.0. Affected by this issue is some unknown functionality of the file /dipam/save-delegates.php of the component GET Parameter Handler. The manipulation of the argument del_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-232238 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-3381 | 1 Online School Fees System Project | 1 Online School Fees System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic was found in SourceCodester Online School Fees System 1.0. Affected by this vulnerability is an unknown functionality of the file /paysystem/datatable.php of the component GET Parameter Handler. The manipulation of the argument doj leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-232237 was assigned to this vulnerability.
|
|||||
| CVE-2023-3332 | 1 Nec | 34 Aterm Wf300hp, Aterm Wf300hp Firmware, Aterm Wg1400hp and 31 more | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to
execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.
|
|||||
| CVE-2023-3319 | 1 Idisplay | 1 Platplay Ds | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iDisplay PlatPlay DS allows Stored XSS.This issue affects PlatPlay DS: before 3.14.
|
|||||
| CVE-2023-3318 | 1 Resort Management System Project | 1 Resort Management System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in SourceCodester Resort Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231937 was assigned to this vulnerability.
|
|||||
| CVE-2023-3311 | 1 Online-shopping-system-advanced Project | 1 Online-shopping-system-advanced | 2024-11-21 | 3.3 LOW | 2.4 LOW |
|
A vulnerability, which was classified as problematic, was found in PuneethReddyHC online-shopping-system-advanced 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231807.
|
|||||
| CVE-2023-3294 | 1 Saleor | 1 React-storefront | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7.
|
|||||
| CVE-2023-3293 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0.
|
|||||
| CVE-2023-3196 | 1 Capensis | 1 Canopsis | 2024-11-21 | N/A | 4.7 MEDIUM |
|
This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel.
|
|||||
| CVE-2023-3191 | 1 Teampass | 1 Teampass | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
|
|||||
| CVE-2023-3189 | 1 Online School Fees System Project | 1 Online School Fees System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in SourceCodester Online School Fees System 1.0. This affects an unknown part of the file /paysystem/branch.php of the component POST Parameter Handler. The manipulation of the argument branch leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231501 was assigned to this vulnerability.
|
|||||
| CVE-2023-3184 | 1 Sales Tracker Management System Project | 1 Sales Tracker Management System | 2024-11-21 | 3.3 LOW | 2.4 LOW |
|
A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231164.
|
|||||
| CVE-2023-3183 | 1 Performance Indicator System Project | 1 Performance Indicator System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in SourceCodester Performance Indicator System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addproduct.php. The manipulation of the argument prodname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231163.
|
|||||
| CVE-2023-3170 | 1 Tagdiv | 1 Tagdiv Composer | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
|
|||||
| CVE-2023-3165 | 1 Janobe | 1 Life Insurance Management System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in SourceCodester Life Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file insertNominee.php of the component POST Parameter Handler. The manipulation of the argument nominee_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231109 was assigned to this vulnerability.
|
|||||
| CVE-2023-3142 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
|
|||||
| CVE-2023-3122 | 1 Dev4press | 1 Gd Mail Queue | 2024-11-21 | N/A | 7.2 HIGH |
|
The GD Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-3109 | 1 Admidio | 1 Admidio | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8.
|
|||||
| CVE-2023-3093 | 1 Yaycommerce | 1 Yaysmtp | 2024-11-21 | N/A | 7.2 HIGH |
|
The YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-3086 | 1 Teampass | 1 Teampass | 2024-11-21 | N/A | 9.0 CRITICAL |
|
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
|
|||||
| CVE-2023-3085 | 1 X-wrt | 1 Luci | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10_b202303061504. This issue affects the function run_action of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the argument request_path leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 22.10_b202303121313 is able to address this issue. The patch is named 24d7da2416b9ab246825c33c213fe939a89b369c. It i ...
Show More |
|||||
| CVE-2023-3084 | 1 Teampass | 1 Teampass | 2024-11-21 | N/A | 8.1 HIGH |
|
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
|
|||||
| CVE-2023-3083 | 1 Teampass | 1 Teampass | 2024-11-21 | N/A | 8.7 HIGH |
|
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
|
|||||
| CVE-2023-3074 | 1 Corebos | 1 Corebos | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.
|
|||||
| CVE-2023-3073 | 1 Corebos | 1 Corebos | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8 via evvtgendoc.
|
|||||
| CVE-2023-3071 | 1 Tsolucio | 1 Corebos | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.
|
|||||
| CVE-2023-3070 | 1 Corebos | 1 Corebos | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.
|
|||||
| CVE-2023-3067 | 1 Trilium Project | 1 Trilium | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.59.4.
|
|||||
| CVE-2023-3060 | 1 Agro-school Management System Project | 1 Agro-school Management System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as problematic. This vulnerability affects the function doAddQuestion of the file btn_functions.php. The manipulation of the argument Question leads to cross site scripting. The attack can be initiated remotely. VDB-230566 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-3058 | 1 07fly | 1 Customer Relationship Management | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230560.
|
|||||
| CVE-2023-3051 | 1 Azexo | 1 Page Builder With Image Map By Azexo | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azh_post' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-3042 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A | 5.3 MEDIUM |
|
In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp , which should return a 404 response but didn't.
The oversight in the default invalid URL character list can be viewed at the provided GitHub link https://github.com/dotCMS/core/blob/master/dotCMS/src/main/java/com/dotcms/filters/Nor ...
Show More |
|||||