Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35156 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 9.6 CRITICAL |
|
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). The delete template can be exploited to perform XSS, e.g. by using a URL such as: `xwiki/bin/get/FlamingoThemes/Cerulean?xpage=xpart&vm=delete.vm&xredirect=javascript:alert(document.domain)`. This vulnerability has existed since XWiki 6.0-rc-1. The vulnerability has been patched in XWiki 14.10.6 ...
|
| CVE-2023-35155 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 8.8 HIGH |
|
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). For instance, the following URL executes an `alert` in the browser: `<xwiki-host>/xwiki/bin/view/Main/?viewer=share&send=1&target=&target=%3Cimg+src+onerror%3Dalert%28document.domain%29%3E+%3Cimg+src+onerror%3Dalert%28document.domain%29%3E+%3Crenniepak%40intigriti.me%3E&includeDocument=inline&message ...
|
| CVE-2023-35153 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 9.0 CRITICAL |
|
XWiki Platform is a generic wiki platform. Starting in version 5.4.4 and prior to versions 14.4.8, 14.10.4, and 15.0, a stored cross-site scripting vulnerability can be exploited by users with edit rights by adding an `AppWithinMinutes.FormFieldCategoryClass` class on a page and setting the payload on the page title. Then, any user visiting `/xwiki/bin/view/AppWithinMinutes/ClassEditSheet` executes the payload. The issue has been patched in XWiki 14.4.8, 14.10.4, and 15.0. As a workaround, update ...
|
| CVE-2023-35146 | 1 Jenkins | 1 Template Workflows | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as building blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs.
|
| CVE-2023-35139 | 1 Zyxel | 20 Atp100, Atp100w, Atp200 and 17 more | 2024-11-21 | N/A | 5.2 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50(W) series firmware versions 5.10 through 5.37, USG20(W)-VPN series firmware versions 5.10 through 5.37, and VPN series firmware versions 5.00 through 5.37, could allow an unauthenticated LAN-based attacker to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored ...
|
| CVE-2023-35131 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.
|
| CVE-2023-35098 | 1 Wordpress Nextgen Galleryview Project | 1 Wordpress Nextgen Galleryview | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in John Brien WordPress NextGen GalleryView plugin <= 0.5.5 versions.
|
| CVE-2023-35097 | 1 Dojo | 1 Wp Affiliate Links | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Internet Marketing Dojo WP Affiliate Links plugin <= 0.1.1 versions.
|
| CVE-2023-35095 | 1 Flothemes | 1 Flo Forms | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin <= 1.0.40 versions.
|
| CVE-2023-35094 | 1 Mpembed | 1 Wp Matterport Shortcode | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Julien Berthelot / MPEmbed WP Matterport Shortcode plugin <= 2.1.4 versions.
|
| CVE-2023-35092 | 1 Abhayrajmca | 1 Breadcrumb Simple | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abhay Yadav Breadcrumb simple plugin <= 1.3 versions.
|
| CVE-2023-35090 | 1 Stylemixthemes | 1 Masterstudy Lms | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.7 versions.
|
| CVE-2023-35054 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | N/A | 4.6 MEDIUM |
|
In JetBrains YouTrack before 2023.1.10518, stored XSS in a Markdown-rendering engine was possible.
|
| CVE-2023-35048 | 1 Magepeople | 1 Booking & Rental Manager | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Booking and Rental Manager for Bike plugin <= 1.2.1 versions.
|
| CVE-2023-35043 | 1 Recent Posts Slider Project | 1 Recent Posts Slider | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Neha Goel Recent Posts Slider plugin <= 1.1 versions.
|
| CVE-2023-35024 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-11-21 | N/A | 4.6 MEDIUM |
|
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 258349.
|
| CVE-2023-34977 | 1 Qnap | 1 Video Station | 2024-11-21 | N/A | 4.6 MEDIUM |
|
A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
Video Station 5.7.0 ( 2023/07/27 ) and later
|
| CVE-2023-34941 | 1 Asus | 2 Rt-n10lx, Rt-n10lx Firmware | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
|
| CVE-2023-34869 | 1 Phpjabbers | 1 Catering System | 2024-11-21 | N/A | 6.1 MEDIUM |
|
PHPJabbers Catering System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php?controller=pjAdmin&action=pjActionForgot.
|
| CVE-2023-34855 | 1 Ac Centralized Management Platform Project | 1 Ac Centralized Management Platform | 2024-11-21 | N/A | 4.8 MEDIUM |
|
A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /upfile.cgi.
|
| CVE-2023-34840 | 1 Angular-ui-notification Project | 1 Angular-ui-notification | 2024-11-21 | N/A | 6.1 MEDIUM |
|
angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to contain a cross-site scripting (XSS) vulnerability.
|
| CVE-2023-34838 | 1 Escanav | 1 Escan Management Console | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter.
|
| CVE-2023-34837 | 1 Escanav | 1 Escan Management Console | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath.
|
| CVE-2023-34836 | 1 Escanav | 1 Escan Management Console | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters.
|
| CVE-2023-34835 | 1 Escanav | 1 Escan Management Console | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter.
|
| CVE-2023-34831 | 1 Odysseycs | 1 Ithacalabs Turnitin Lti | 2024-11-21 | N/A | 5.4 MEDIUM |
|
The "Submission Web Form" of Turnitin LTI tool/plugin version 1.3 is affected by HTML Injection attacks. The security issue affects the submission web form ("id" and "title" HTTP POST parameters) where the students submit their reports for similarity/plagiarism checks.
|
| CVE-2023-34830 | 1 I-doit | 1 I-doit | 2024-11-21 | N/A | 5.4 MEDIUM |
|
i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page.
|
| CVE-2023-34796 | 1 Techsneeze | 1 Dmarc Report | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross site scripting (XSS) vulnerability in dmarcts-report-viewer dashboard versions 1.1 and through commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the org_name or domain values.
|
| CVE-2023-34734 | 1 Secnet | 1 Annet Ac Centralized Management Platform | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Annet AC Centralized Management Platform 1.02.040 is vulnerable to Stored Cross-Site Scripting (XSS).
|
| CVE-2023-34654 | 1 Taogogo | 1 Taocms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS).
|
| CVE-2023-34652 | 1 Phpgurukul | 1 Hostel Management System | 2024-11-21 | N/A | 6.1 MEDIUM |
|
PHPGurukul Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course.
|
| CVE-2023-34651 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | N/A | 6.1 MEDIUM |
|
PHPGurukul Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).
|
| CVE-2023-34650 | 1 Small Crm Project | 1 Small Crm | 2024-11-21 | N/A | 6.1 MEDIUM |
|
PHPGurukul Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS).
|
| CVE-2023-34648 | 1 User Registration & Login And User Management System With Admin Panel Project | 1 User Registration & Login And User Management System With Admin Panel | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A Cross Site Scripting vulnerability in PHPGurukul User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the signup.php.
|
| CVE-2023-34647 | 1 Phpgurukul | 1 Hostel Management System | 2024-11-21 | N/A | 6.1 MEDIUM |
|
PHPGurukul Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).
|
| CVE-2023-34637 | 1 Isarnet | 1 Isarflow | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in IsarNet AG IsarFlow v5.23 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the dashboard title parameter in the IsarFlow Portal.
|
| CVE-2023-34599 | 1 Gibbonedu | 1 Gibbon | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.
|
| CVE-2023-34565 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Create Wireless LAN Groups" function.
|
| CVE-2023-34537 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A reflected XSS vulnerability was discovered in HotelDruid version 3.0.5. An attacker can issue malicious code or commands through a parameter of the affected web page to trick the user in the browser and/or exfiltrate data.
|
| CVE-2023-34486 | 1 Online Hotel Management System Project | 1 Online Hotel Management System | 2024-11-21 | N/A | 6.1 MEDIUM |
|
itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection box.
|