Total: 42233 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-36234 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 5.4 MEDIUM | Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function. |
| CVE-2023-36223 | 1 Bbs-go | 1 Bbs-go | 2024-11-21 | N/A | 5.4 MEDIUM | Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the announcements parameter in the settings function. |
| CVE-2023-36222 | 1 Bbs-go | 1 Bbs-go | 2024-11-21 | N/A | 5.4 MEDIUM | Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function. |
| CVE-2023-36217 | 1 Xoops | 1 Xoops | 2024-11-21 | N/A | 9.0 CRITICAL | Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function. |
| CVE-2023-36211 | 1 Cubiclesoft | 1 Barebones Cms | 2024-11-21 | N/A | 5.4 MEDIUM | The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting (XSS) when an authenticated user interacts with certain features on the admin panel. |
| CVE-2023-36163 | 1 Buildagate Project | 1 Buildagate | 2024-11-21 | N/A | 6.1 MEDIUM | Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote attacker to execute arbitrary code via a crafted script to the mc parameter of the URL. |
| CVE-2023-36159 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-11-21 | N/A | 6.1 MEDIUM | Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page. |
| CVE-2023-36146 | 1 Multilaser | 2 Re170, Re170 Firmware | 2024-11-21 | N/A | 5.4 MEDIUM | A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733. |
| CVE-2023-36138 | 1 Phpjabbers | 1 Cleaning Business Software | 2024-11-21 | N/A | 6.1 MEDIUM | PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php. |
| CVE-2023-36137 | 1 Phpjabbers | 1 Class Scheduling System | 2024-11-21 | N/A | 6.1 MEDIUM | There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0. |
| CVE-2023-36126 | 1 Phpjabbers | 1 Appointment Scheduler | 2024-11-21 | N/A | 6.1 MEDIUM | There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0 |
| CVE-2023-36121 | 1 E107 | 1 E107 | 2024-11-21 | N/A | 5.4 MEDIUM | Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project. |
| CVE-2023-36093 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A | 5.4 MEDIUM | There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3 |
| CVE-2023-36081 | 1 Gatesair | 2 Flexiva Fax 150w, Flexiva Fax 150w Firmware | 2024-11-21 | N/A | 5.4 MEDIUM | Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/Exciter v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard. |
| CVE-2023-36031 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A | 7.6 HIGH | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-36030 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A | 6.1 MEDIUM | Microsoft Dynamics 365 Sales Spoofing Vulnerability |
| CVE-2023-36020 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A | 7.6 HIGH | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-36016 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A | 6.2 MEDIUM | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-36007 | 1 Microsoft | 1 Send Customer Voice Survey From Dynamics 365 | 2024-11-21 | N/A | 7.6 HIGH | Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability |
| CVE-2023-35978 | 1 Arubanetworks | 14 Arubaos, Mc-va-10, Mc-va-1k and 11 more | 2024-11-21 | N/A | 6.1 MEDIUM | A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. |
| CVE-2023-35971 | 1 Arubanetworks | 14 Arubaos, Mc-va-10, Mc-va-1k and 11 more | 2024-11-21 | N/A | 8.8 HIGH | A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. |
| CVE-2023-35929 | 1 Enalean | 1 Tuleap | 2024-11-21 | N/A | 5.4 MEDIUM | Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. A malicious user with the capability to create an artifact or to edit a field used as a card field could force victim to execute uncontrolled code. Tuleap Community Edi ... |
| CVE-2023-35918 | 1 Woocommerce | 1 Bulk Stock Management | 2024-11-21 | N/A | 7.1 HIGH | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <= 2.2.33 versions. |
| CVE-2023-35905 | 1 Ibm | 1 Filenet Content Manager | 2024-11-21 | N/A | 4.6 MEDIUM | IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 259384. |
| CVE-2023-35884 | 1 Metagauss | 1 Eventprime | 2024-11-21 | N/A | 7.1 HIGH | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 3.0.5 versions. |
| CVE-2023-35882 | 1 Heateor | 1 Super Socializer | 2024-11-21 | N/A | 6.5 MEDIUM | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor Super Socializer plugin <= 7.13.52 versions. |
| CVE-2023-35878 | 1 Extra User Details Project | 1 Extra User Details | 2024-11-21 | N/A | 5.9 MEDIUM | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vadym K. Extra User Details plugin <= 0.5 versions. |
| CVE-2023-35796 | 1 Siemens | 1 Sinema Server | 2024-11-21 | N/A | 8.3 HIGH | A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with `SYSTEM` privileges on the application server. (ZDI-CAN-19823) |
| CVE-2023-35783 | 1 Faceted Search Project | 1 Faceted Search | 2024-11-21 | N/A | 6.3 MEDIUM | The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2 for TYPO3 allows XSS via indexed data. |
| CVE-2023-35779 | 1 Seedwebs | 1 Seed Fonts | 2024-11-21 | N/A | 5.9 MEDIUM | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Seed Webs Seed Fonts plugin <= 2.3.1 versions. |
| CVE-2023-35776 | 1 Bearsthemes | 1 Sermons Online | 2024-11-21 | N/A | 6.5 MEDIUM | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Beplus Sermon'e – Sermons Online plugin <= 1.0.0 versions. |
| CVE-2023-35775 | 1 Wp Backup Solutions Project | 1 Wp Backup Solutions | 2024-11-21 | N/A | 7.1 HIGH | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Backup Solutions WP Backup Manager plugin <= 1.13.1 versions. |
| CVE-2023-35772 | 1 Google Map Shortcode Project | 1 Google Map Shortcode | 2024-11-21 | N/A | 7.1 HIGH | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alain Gonzalez Google Map Shortcode plugin <= 3.1.2 versions. |
| CVE-2023-35759 | 1 Progress | 1 Whatsup Gold | 2024-11-21 | N/A | 6.1 MEDIUM | In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. |
| CVE-2023-35335 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A | 8.2 HIGH | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-35162 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 9.6 CRITICAL | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the previewactions template to perform a XSS, e.g. by using URL such as: > <hostname>/xwiki/bin/get/FlamingoThemes/Cerulean xpage=xpart&vm=previewactions.vm&xcontinue=javascript:alert(document.domain). This vulnerability exists since XWiki 6.1-rc-1. The vulnerability has bee ... |
| CVE-2023-35161 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 9.6 CRITICAL | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the DeleteApplication page to perform a XSS, e.g. by using URL such as: > xwiki/bin/view/AppWithinMinutes/DeleteApplication?appName=Menu&resolve=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 6.2-milestone-1. The vulnerability has bee ... |
| CVE-2023-35160 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 9.6 CRITICAL | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as: > xwiki/bin/view/XWiki/Main xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain). This vulnerability exists since XWiki 2.5-milestone-2. The vulnerability has been ... |
| CVE-2023-35159 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 9.6 CRITICAL | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as: > xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 3.4-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. |
| CVE-2023-35157 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 8.4 HIGH | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to perform an XSS by forging a request to a delete attachment action with a specific attachment name. Now this XSS can be exploited only if the attacker knows the CSRF token of the user, or if the user ignores the warning about the missing CSRF token. The vulnerability has been patched in XWiki 15.1-rc-1 and XWiki 14.10.6. |