Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33580 | 1 Phpgurukul | 1 Student Study Center Management System | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.
|
|||||
| CVE-2023-33564 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2024-11-21 | N/A | 6.1 MEDIUM |
|
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3.
|
|||||
| CVE-2023-33560 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2024-11-21 | N/A | 6.1 MEDIUM |
|
There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3.
|
|||||
| CVE-2023-33492 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).
|
|||||
| CVE-2023-33387 | 1 Datev | 1 Eg Personal-management System Comfort\/comfort Plus | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a crafted link.
|
|||||
| CVE-2023-33356 | 1 Thecosy | 1 Icecms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS).
|
|||||
| CVE-2023-33336 | 1 Sophos | 1 Web Appliance | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.
|
|||||
| CVE-2023-33335 | 1 Sophos | 1 Iview | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed.
|
|||||
| CVE-2023-33332 | 1 Woocommerce Product Vendors Project | 1 Woocommerce Product Vendors | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Product Vendors plugin <= 2.1.76 versions.
|
|||||
| CVE-2023-33329 | 1 Custom Post Type Generator Project | 1 Custom Post Type Generator | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Hijiri Custom Post Type Generator plugin <= 2.4.2 versions.
|
|||||
| CVE-2023-33328 | 1 Pluginops | 1 Mailchimp Subscribe Form | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PluginOps MailChimp Subscribe Form plugin <= 4.0.9.1 versions.
|
|||||
| CVE-2023-33326 | 1 Metagauss | 1 Eventprime | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected (XSS) Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 2.8.6 versions.
|
|||||
| CVE-2023-33325 | 1 Te-st | 1 Leyka | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.1 versions.
|
|||||
| CVE-2023-33323 | 1 Reputeinfosystems | 1 Armember | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.2 versions.
|
|||||
| CVE-2023-33320 | 1 Wp-hijri Project | 1 Wp-hijri | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mohammad I. Okfie WP-Hijri plugin <= 1.5.1 versions.
|
|||||
| CVE-2023-33319 | 1 Woocommerce | 1 Automatewoo | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions.
|
|||||
| CVE-2023-33317 | 1 Woocommerce | 1 Returns And Warranty Requests | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <= 2.1.6 versions.
|
|||||
| CVE-2023-33312 | 1 Easy Captcha Project | 1 Easy Captcha | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wppal Easy Captcha plugin <= 1.0 versions.
|
|||||
| CVE-2023-33311 | 1 Crmperks | 1 Contact Form Entries - Contact Form 7 Wpforms And More | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CRM Perks Contact Form Entries plugin <= 1.3.0 versions.
|
|||||
| CVE-2023-33309 | 1 Awesomemotive | 1 Duplicator | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Awesome Motive Duplicator Pro plugin <= 4.5.11 versions.
|
|||||
| CVE-2023-33276 | 1 Gira | 2 Knx Ip Router, Knx Ip Router Firmware | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 - Not Found" status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without context-sensitive HTML encoding, it is vulnerable to reflective cross-site scripting (XSS).
|
|||||
| CVE-2023-33257 | 1 Verint | 1 Engagement Management | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat.
|
|||||
| CVE-2023-33231 | 1 Solarwinds | 1 Database Performance Analyzer | 2024-11-21 | N/A | 6.1 MEDIUM |
|
XSS attack was possible in DPA 2023.2 due to insufficient input validation
|
|||||
| CVE-2023-33216 | 1 Gvectors | 1 Woodiscuz - Woocommerce Comments | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team WooDiscuz – WooCommerce Comments woodiscuz-woocommerce-comments allows Stored XSS.This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.2.9.
|
|||||
| CVE-2023-33213 | 1 Gvectors | 1 Wpview | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Display Custom Fields – wpView plugin <= 1.3.0 versions.
|
|||||
| CVE-2023-33211 | 1 Wp-matomo Integration Project | 1 Wp-matomo Integration | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in André Bräkling WP-Matomo Integration (WP-Piwik) plugin <= 1.0.27 versions.
|
|||||
| CVE-2023-33210 | 1 Nuajik | 1 Nuajik-cdn | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nuajik plugin <= 0.1.0 versions.
|
|||||
| CVE-2023-33208 | 1 Cookie Monster Project | 1 Cookie Monster | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gsmith Cookie Monster plugin <= 1.51 versions.
|
|||||
| CVE-2023-33197 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.
|
|||||
| CVE-2023-33196 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
|
|||||
| CVE-2023-33195 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | N/A | 5.0 MEDIUM |
|
Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6.
|
|||||
| CVE-2023-33194 | 2 Craftcms, Craftercms | 2 Craft Cms, Craftercms | 2024-11-21 | N/A | 3.7 LOW |
|
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in version 4.4.6.
|
|||||
| CVE-2023-33186 | 1 Zulip | 1 Zulip Server | 2024-11-21 | N/A | 8.2 HIGH |
|
Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send messages could maliciously craft a topic for the message, such that a victim who hovers the toolt ...
Show More |
|||||
| CVE-2023-33171 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A | 8.2 HIGH |
|
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
|
|||||
| CVE-2023-33159 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft SharePoint Server Spoofing Vulnerability
|
|||||
| CVE-2023-33132 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Microsoft SharePoint Server Spoofing Vulnerability
|
|||||
| CVE-2023-33130 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | N/A | 7.3 HIGH |
|
Microsoft SharePoint Server Spoofing Vulnerability
|
|||||
| CVE-2023-32965 | 1 Crudlab | 1 Jazz Popups | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CRUDLab Jazz Popups plugin <= 1.8.7 versions.
|
|||||
| CVE-2023-32962 | 1 Hasthemes | 1 Wishsuite | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in HasTheme WishSuite – Wishlist for WooCommerce plugin <= 1.3.4 versions.
|
|||||
| CVE-2023-32961 | 1 Zotpress Project | 1 Zotpress | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin <= 7.3.3 versions.
|
|||||