Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31154 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2024-11-21 | N/A | 4.3 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details.
|
|||||
| CVE-2023-31153 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2024-11-21 | N/A | 4.3 MEDIUM |
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.
|
|||||
| CVE-2023-31145 | 1 Collabora | 1 Online | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Collabora Online is a collaborative online office suite based on LibreOffice technology. This vulnerability report describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installations using the recommended bundle. The vulnerability can be exploited to perform a trivial account takeover attack. The vulnerability allows attackers to inject malicious code into web pages, which can be executed in the context of the victim's browser session. This means that an attacker can steal se ...
Show More |
|||||
| CVE-2023-31144 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4.
|
|||||
| CVE-2023-31094 | 1 Wptrio | 1 Stock Sync For Woocommerce | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce plugin <= 2.4.0 versions.
|
|||||
| CVE-2023-31091 | 1 Pradeepsinghweb | 1 Dynamically Register Sidebars | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pradeep Singh Dynamically Register Sidebars plugin <= 1.0.1 versions.
|
|||||
| CVE-2023-31079 | 1 Thechrisroberts | 1 Tippy | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Roberts Tippy plugin <= 6.2.1 versions.
|
|||||
| CVE-2023-31076 | 1 Really-simple-plugins | 1 Recipe Maker For Your Food Blog From Zip Recipes | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.6 versions.
|
|||||
| CVE-2023-31074 | 1 Hupe13 | 1 Extensions For Leaflet Map | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in hupe13 Extensions for Leaflet Map plugin <= 3.4.1 versions.
|
|||||
| CVE-2023-31072 | 1 Praveengoswami | 1 Advanced Category Template | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Praveen Goswami Advanced Category Template plugin <= 0.1 versions.
|
|||||
| CVE-2023-31071 | 1 Ylefebvre | 1 Modal Dialog | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <= 3.5.14 versions.
|
|||||
| CVE-2023-31045 | 1 Backdropcms | 1 Backdrop | 2024-11-21 | N/A | 4.8 MEDIUM |
|
A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is executed upon selecting a malicious text formatting option. NOTE: the vendor disputes the security relevance of this finding because "any administrator that can configure a text format could easily allow Fu ...
Show More |
|||||
| CVE-2023-30963 | 1 Palantir | 1 Foundry Frontend | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
|
|||||
| CVE-2023-30962 | 1 Palantir | 1 Gotham Cerberus | 2024-11-21 | N/A | 6.8 MEDIUM |
|
The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58 .
|
|||||
| CVE-2023-30959 | 1 Palantir | 1 Apollo Autopilot | 2024-11-21 | N/A | 4.1 MEDIUM |
|
In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction.
|
|||||
| CVE-2023-30958 | 1 Zabbix | 1 Frontend | 2024-11-21 | N/A | 4.7 MEDIUM |
|
A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed.
This defect was resolved with the release of Foundry Frontend 6.225.0.
|
|||||
| CVE-2023-30877 | 1 Icopydoc | 1 Xml For Google Merchant Center | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Glazunov XML for Google Merchant Center plugin <= 3.0.1 versions.
|
|||||
| CVE-2023-30876 | 1 Davidmichaelross | 1 Dave\'s Wordpress Live Search | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dave Ross Dave's WordPress Live Search plugin <= 4.8.1 versions.
|
|||||
| CVE-2023-30875 | 1 Allmywebneeds | 1 Logo Scheduler | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in All My Web Needs Logo Scheduler plugin <= 1.2.0 versions.
|
|||||
| CVE-2023-30874 | 1 Stpetedesign | 1 Gps Plotter | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Steve Curtis, St. Pete Design Gps Plotter plugin <= 5.1.4 versions.
|
|||||
| CVE-2023-30871 | 1 Webdados | 1 Stock Exporter For Woocommerce | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PT Woo Plugins (by Webdados) Stock Exporter for WooCommerce plugin <= 1.1.0 versions.
|
|||||
| CVE-2023-30868 | 1 Cms Tree Page View Project | 1 Cms Tree Page View | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jon Christopher CMS Tree Page View plugin <= 1.6.7 versions.
|
|||||
| CVE-2023-30860 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 8.0 HIGH |
|
WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows attacker to insert malicious scripts. Since any USER including the ADMIN can see the meeting room that was created by the attacker this can lead to cookie hijacking and takeover of any accounts. Version 12.4 contains a pat ...
Show More |
|||||
| CVE-2023-30838 | 1 Prestashop | 1 Prestashop | 2024-11-21 | N/A | 8.5 HIGH |
|
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the `ValidateCore::isCleanHTML()` method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup `@keyframes` methods. This XSS, which hijacks HTML attributes, can be triggered without any interaction by the visitor/administrator, which makes it as dangerous as a trivial XSS attack. Contrary to other attacks which target HTML at ...
Show More |
|||||
| CVE-2023-30786 | 1 Fuzzguard | 1 Captcha Them All | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Benjamin Guy Captcha Them All plugin <= 1.3.3 versions.
|
|||||
| CVE-2023-30785 | 1 I13websolution | 1 Video Grid | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Grid plugin <= 1.21 versions.
|
|||||
| CVE-2023-30784 | 1 Kayastudio | 1 Kaya Qr Code Generator | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kaya Studio Kaya QR Code Generator plugin <= 1.5.2 versions.
|
|||||
| CVE-2023-30782 | 1 Churchadminplugin | 1 Church Admin | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.5 versions.
|
|||||
| CVE-2023-30781 | 1 Themeblvd | 1 Tweeple | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Theme Blvd Tweeple plugin <= 0.9.5 versions.
|
|||||
| CVE-2023-30780 | 1 Theguidex | 1 User Ip And Location | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TheGuideX User IP and Location plugin <= 2.2 versions.
|
|||||
| CVE-2023-30779 | 1 Daggerheart | 1 Query Wrangler | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jonathan Daggerhart Query Wrangler plugin <= 1.5.51 versions.
|
|||||
| CVE-2023-30778 | 1 Blubrry | 1 Powerpress | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry plugin <= 10.0.1 versions.
|
|||||
| CVE-2023-30777 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions.
|
|||||
| CVE-2023-30753 | 1 Ip Metaboxes Project | 1 Ip Metaboxes | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Phan Chuong IP Metaboxes plugin <= 2.1.1.
|
|||||
| CVE-2023-30752 | 1 Gingertech | 1 External Videos | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Silvia Pfeiffer and Andrew Nimmo External Videos plugin <= 2.0.1 versions.
|
|||||
| CVE-2023-30751 | 1 Icontrolwp | 1 Article Directory Redux | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in iControlWP Article Directory Redux plugin <= 1.0.2 versions.
|
|||||
| CVE-2023-30749 | 1 Ihomefinder | 1 Optima Express \+ Marketboost Idx | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ihomefinder Optima Express + MarketBoost IDX Plugin plugin <= 7.3.0 versions.
|
|||||
| CVE-2023-30747 | 1 Wpgem | 1 Woocommerce Easy Duplicate Product | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGem WooCommerce Easy Duplicate Product plugin <= 0.3.0.0 versions.
|
|||||
| CVE-2023-30746 | 1 Booqable | 1 Rental Software Booqable Rental | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Booqable Rental Software Booqable Rental plugin <= 2.4.15 versions.
|
|||||
| CVE-2023-30745 | 1 Ip Metaboxes Project | 1 Ip Metaboxes | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Phan Chuong IP Metaboxes plugin <= 2.1.1 versions.
|
|||||