Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32511 | 1 Bookingultrapro | 1 Booking Ultra Pro Appointments Booking Calendar | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.8 versions.
|
|||||
| CVE-2023-32510 | 1 Cagewebdev | 1 Order Your Posts Manually | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin <= 2.2.5 versions.
|
|||||
| CVE-2023-32509 | 1 Cagewebdev | 1 Order Your Posts Manually | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin <= 2.2.5 versions.
|
|||||
| CVE-2023-32505 | 1 Ciphercoin | 1 Easy Hide Login | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arshid Easy Hide Login plugin <= 1.0.7 versions.
|
|||||
| CVE-2023-32503 | 1 Gtmetrix | 1 Gtmetrix | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.6 versions.
|
|||||
| CVE-2023-32499 | 1 Netmix | 1 Radio Station | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9 versions.
|
|||||
| CVE-2023-32498 | 1 Ays-pro | 1 Easy Form | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Easy Form team Easy Form by AYS plugin <= 1.2.0 versions.
|
|||||
| CVE-2023-32497 | 1 Supersoju | 1 Block Referer Spam | 2024-11-21 | N/A | 5.1 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Supersoju Block Referer Spam plugin <= 1.1.9.4 versions.
|
|||||
| CVE-2023-32496 | 1 Stopbadbots | 1 Block Bad Bots And Stop Bad Bots Crawlers And Spiders And Anti Spam Protection | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin <= 7.31 versions.
|
|||||
| CVE-2023-32445 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-21 | N/A | 6.1 MEDIUM |
|
This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.
|
|||||
| CVE-2023-32339 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-11-21 | N/A | 6.1 MEDIUM |
|
IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 255587.
|
|||||
| CVE-2023-32332 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072.
|
|||||
| CVE-2023-32325 | 1 Posthog | 1 Posthog-js | 2024-11-21 | N/A | 5.4 MEDIUM |
|
PostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. Problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that their Content Security Policy is in place.
|
|||||
| CVE-2023-32300 | 1 Yoast | 1 Yoast Seo | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.8 versions.
|
|||||
| CVE-2023-32298 | 1 Helgatheviking | 1 Simple User Listing | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kathy Darling Simple User Listing plugin <= 1.9.2 versions.
|
|||||
| CVE-2023-32296 | 1 Kangu | 1 Kangu | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kangu para WooCommerce plugin <= 2.2.9 versions.
|
|||||
| CVE-2023-32294 | 1 Radicalwebdesign | 1 Gdpr Cookie Consent Notice Box | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Radical Web Design GDPR Cookie Consent Notice Box plugin <= 1.1.6 versions.
|
|||||
| CVE-2023-32292 | 1 Getbutton | 1 Chat Button | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GetButton Chat Button by GetButton.Io plugin <= 1.8.9.4 versions.
|
|||||
| CVE-2023-32291 | 1 Monsterinsights | 1 Monsterinsights | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MonsterInsights Pro allows Stored XSS. This issue affects MonsterInsights Pro: from n/a through 8.14.1.
|
|||||
| CVE-2023-32241 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDeveloper Essential Addons for Elementor Pro plugin <= 5.4.8 versions.
|
|||||
| CVE-2023-32239 | 1 Xtemos | 1 Woodmart Theme | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in xtemos WoodMart theme <= 7.2.1 versions.
|
|||||
| CVE-2023-32237 | | | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery) allows Stored XSS. This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1.
|
|||||
| CVE-2023-32236 | 1 Bookingultrapro | 1 Appointments Booking Calendar | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin <= 1.1.8 versions.
|
|||||
| CVE-2023-32130 | 1 Danielpowney | 1 Multi Rating | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions.
|
|||||
| CVE-2023-32122 | 1 Spiffyplugins | 1 Spiffy Calendar | 2024-11-21 | N/A | 5.8 MEDIUM |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy Plugins Spiffy Calendar plugin <= 4.9.3 versions.
|
|||||
| CVE-2023-32119 | 1 Wpo365 | 1 Mail Integration For Office 365 / Outlook | 2024-11-21 | N/A | 5.8 MEDIUM |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPO365 | Mail Integration for Office 365 / Outlook plugin <= 1.9.0 versions.
|
|||||
| CVE-2023-32118 | 1 Wpoperation | 1 Salert - Fake Sales Notification Woocommerce | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPoperation SALERT – Fake Sales Notification WooCommerce plugin <= 1.2.1 versions.
|
|||||
| CVE-2023-32116 | 1 Totalpress | 1 Custom Post Types | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types, Custom Fields & more plugin <= 4.0.12 versions.
|
|||||
| CVE-2023-32109 | 1 Eduva | 1 Albo Pretorio Online | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6.3 versions.
|
|||||
| CVE-2023-32108 | 1 Eduva | 1 Albo Pretorio Online | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6.3 versions.
|
|||||
| CVE-2023-32107 | 1 Ays-pro | 1 Photo Gallery | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.1.3 versions.
|
|||||
| CVE-2023-32106 | 1 Fahad Mahmood | 1 Wp Docs | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fahad Mahmood WP Docs plugin <= 1.9.9 versions.
|
|||||
| CVE-2023-32105 | 1 Wp-pizza | 1 Wppizza | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach WPPizza – A Restaurant Plugin plugin <= 3.17.1 versions.
|
|||||
| CVE-2023-32103 | 1 Themepalace | 1 Tp Education | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Theme Palace TP Education plugin <= 4.4 versions.
|
|||||
| CVE-2023-32102 | 1 Pexlechris | 1 Library Viewer | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Pexle Chris Library Viewer plugin <= 2.0.6 versions.
|
|||||
| CVE-2023-32089 | 1 Pega | 1 Platform | 2024-11-21 | N/A | 4.6 MEDIUM |
|
Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description
|
|||||
| CVE-2023-32088 | 1 Pega | 1 Platform | 2024-11-21 | N/A | 4.6 MEDIUM |
|
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation
|
|||||
| CVE-2023-32087 | 1 Pega | 1 Platform | 2024-11-21 | N/A | 4.6 MEDIUM |
|
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation
|
|||||
| CVE-2023-32072 | 1 Enalean | 1 Tuleap | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Tuleap is an open source tool for end to end traceability of application and system developments. Tuleap Community Edition prior to version 14.8.99.60 and Tuleap Enterprise edition prior to 14.8-3 and 14.7-7, the logs of the triggered Jenkins job URLs are not properly escaped. A malicious Git administrator can setup a malicious Jenkins hook to make a victim, also a Git administrator, execute uncontrolled code. Tuleap Community Edition 14.8.99.60, Tuleap Enterprise Edition 14.8-3, and Tuleap Ente ...
|
|||||
| CVE-2023-32071 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 9.0 CRITICAL |
|
XWiki Platform is a generic wiki platform. Starting in versions 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it's possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. This has been patched in XWiki 15.0-rc-1, 14.10.4, and 14.4.8. The easiest possible workaround is to edit file `<xwiki app>/templates/importinline.vm` and apply the modification described in commit 28905f7f518cc6 ...
|
|||||