Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32958 | 1 Nosegraze | 1 Novelist | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nose Graze Novelist plugin <= 1.2.0 versions.
|
|||||
| CVE-2023-32957 | 1 Dazzlersoft | 1 Team Members Showcase | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dazzlersoft Team Members Showcase plugin <= 1.3.4 versions.
|
|||||
| CVE-2023-32802 | 1 Woocommerce | 1 Woocommerce Pre-orders | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions.
|
|||||
| CVE-2023-32801 | 1 Woocommerce | 1 Composite Products | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Composite Products plugin <= 8.7.5 versions.
|
|||||
| CVE-2023-32800 | 1 Rankmath | 1 Seo Pro | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in One Rank Math SEO PRO plugin <= 3.0.35 versions.
|
|||||
| CVE-2023-32797 | 1 I13websolution | 1 Video Carousel Slider With Lightbox | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin <= 1.0.22 versions.
|
|||||
| CVE-2023-32796 | 1 Mingocommerce | 1 Woocommerce Product Enquiry | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in MingoCommerce WooCommerce Product Enquiry plugin <= 2.3.4 versions.
|
|||||
| CVE-2023-32793 | 1 Woocommerce | 1 Woocommerce Pre-orders | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions.
|
|||||
| CVE-2023-32790 | 1 Nxlog | 1 Nxlog Manager | 2024-11-21 | N/A | 4.6 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sanitization of the input parameter.
|
|||||
| CVE-2023-32746 | 1 Woocommerce | 1 Woocommerce Brands | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions.
|
|||||
| CVE-2023-32740 | 1 Kunalnagar | 1 Custom 404 Pro | 2024-11-21 | N/A | 5.8 MEDIUM |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.8.1 versions.
|
|||||
| CVE-2023-32738 | 1 Xtendify | 1 Eonet Manual User Approve | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alkaweb Eonet Manual User Approve plugin <= 2.1.3 versions.
|
|||||
| CVE-2023-32715 | 1 Splunk | 1 Splunk App For Lookup File Editing | 2024-11-21 | N/A | 4.7 MEDIUM |
|
In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser, and requires additional user interaction to trigger. The attacker cannot exploit the vulnerability at will.
|
|||||
| CVE-2023-32711 | 1 Splunk | 1 Splunk | 2024-11-21 | N/A | 5.4 MEDIUM |
|
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload.
|
|||||
| CVE-2023-32693 | 1 Decidim | 1 Decidim | 2024-11-21 | N/A | 8.1 HIGH |
|
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was pat ...
|
|||||
| CVE-2023-32686 | 1 Kiwitcms | 1 Kiwi Tcms | 2024-11-21 | N/A | 8.1 HIGH |
|
Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded. The upload validation checks were not robust enough which left the possibility of an attacker to circumvent them and upload a potentially dangerous file. Exploiting this flaw, a combination of files co ...
|
|||||
| CVE-2023-32685 | 1 Kanboard | 1 Kanboard | 2024-11-21 | N/A | 4.4 MEDIUM |
|
Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the `contentEditable` element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document on a vulnerable Kanboard instance can trick the victim into pasting malicious screenshot data and achieve cross-site scripting if CSP is improperly configured. This issue has been patched in version 1 ...
|
|||||
| CVE-2023-32671 | 1 Buddyboss | 1 Buddyboss | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious JavaScript payload via POST request when sending an invitation.
|
|||||
| CVE-2023-32670 | 1 Buddyboss | 1 Buddyboss | 2024-11-21 | N/A | 9.0 CRITICAL |
|
Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version, which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing to assign a persistent JavaScript payload that would be triggered when the associated image is loaded.
|
|||||
| CVE-2023-32659 | 1 Subnet | 1 Powersystem Center | 2024-11-21 | N/A | 6.5 MEDIUM |
|
SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications.
|
|||||
| CVE-2023-32652 | 1 Piigab | 2 M-bus 900s, M-bus 900s Firmware | 2024-11-21 | N/A | 8.0 HIGH |
|
PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks.
|
|||||
| CVE-2023-32624 | 1 Sakura | 1 Ts Webfonts | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in TS Webfonts for SAKURA 3.1.0 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.
|
|||||
| CVE-2023-32607 | 1 Pleasanter | 1 Pleasanter | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.
|
|||||
| CVE-2023-32603 | 1 Rednao | 1 Smart Donations | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy – Smart Donations plugin <= 4.0.12 versions.
|
|||||
| CVE-2023-32600 | 1 Rankmath | 1 Seo | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions.
|
|||||
| CVE-2023-32598 | 1 Shooflysolutions | 1 Featured Image Pro Post Grid | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in A. R. Jones Featured Image Pro Post Grid plugin <= 5.14 versions.
|
|||||
| CVE-2023-32597 | 1 I13websolution | 1 Video Gallery | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Gallery plugin <= 1.0.10 versions.
|
|||||
| CVE-2023-32596 | 1 Wolfgangertl | 1 Weebotlite | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wolfgang Ertl weebotLite plugin <= 1.0.0 versions.
|
|||||
| CVE-2023-32595 | 1 Palasthotel | 1 Sunny Search | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <= 1.0.2 versions.
|
|||||
| CVE-2023-32591 | 1 Cloudprimero | 1 Dbargain | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cloud Primero B.V DBargain plugin <= 3.0.0 versions.
|
|||||
| CVE-2023-32584 | 1 Ebecas | 1 Ebecas | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in John Newcombe eBecas plugin <= 3.1.3 versions.
|
|||||
| CVE-2023-32582 | 1 Don8 Project | 1 Don8 | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kyle Maurer Don8 plugin <= 0.4 versions.
|
|||||
| CVE-2023-32580 | 1 Wpexperts | 1 Password Protected | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPExperts Password Protected plugin <= 2.6.2 versions.
|
|||||
| CVE-2023-32578 | 1 Column-matic Project | 1 Column-matic | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Twinpictures Column-Matic plugin <= 1.3.3 versions.
|
|||||
| CVE-2023-32577 | 1 Devbuddy | 1 Twitter Feed | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eji Osigwe DevBuddy Twitter Feed plugin <= 4.0.0 versions.
|
|||||
| CVE-2023-32576 | 1 Plainwaire | 1 Locatoraid Store Locator | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.18 versions.
|
|||||
| CVE-2023-32575 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions.
|
|||||
| CVE-2023-32518 | 1 Wpplugins | 1 Wp Chinese Conversion | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ono Oogami WP Chinese Conversion plugin <= 1.1.16 versions.
|
|||||
| CVE-2023-32516 | 1 Oracle | 1 Restaurant Menu - Food Ordering System - Table Reservation | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFood Restaurant Menu – Food Ordering System – Table Reservation plugin <= 2.3.6 versions.
|
|||||
| CVE-2023-32515 | 1 Custom Field Suite Project | 1 Custom Field Suite | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt Gibbs Custom Field Suite plugin <= 2.6.2.1 versions.
|
|||||