Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-30743 | 1 Sap | 1 Sapui5 | 2024-11-21 | N/A | 7.1 HIGH |
|
Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying user’s information through phishing attack.
|
|||||
| CVE-2023-30742 | 1 Sap | 2 Customer Relationship Management S4fnd, Customer Relationship Management Webclient Ui | 2024-11-21 | N/A | 6.1 MEDIUM |
|
SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user's session. The information from the ...
Show More |
|||||
| CVE-2023-30741 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
|
|||||
| CVE-2023-30627 | 1 Jellyfin | 1 Jellyfin | 2024-11-21 | N/A | 9.0 CRITICAL |
|
jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the `REST` endpoints with admin privileges. When combined with CVE-2023-30626, this results in remote code execution on the Jellyfin instance in the context of the user who's running it. This issue is patched in version 10.8.10. There are no known workarounds.
|
|||||
| CVE-2023-30615 | 1 Dfir-iris | 1 Iris | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations . The vulnerability in allows an attacker to inject malicious scripts into the application, which are then executed when a user visits the affected locations. This can lead to unauthorized access, data theft, or other malicious activities. An attacker need to be auth ...
Show More |
|||||
| CVE-2023-30614 | 1 Pay Project | 1 Pay | 2024-11-21 | N/A | 7.1 HIGH |
|
Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions prior to 6.3.2 a payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If the targeted application contains a functionality to submit user-generated content (such as comments) the attacker could even ...
Show More |
|||||
| CVE-2023-30564 | 1 Bd | 1 Alaris Systems Manager | 2024-11-21 | N/A | 6.9 MEDIUM |
|
Alaris Systems Manager does not perform input validation during the Device Import Function.
|
|||||
| CVE-2023-30563 | 1 Bd | 1 Alaris Systems Manager | 2024-11-21 | N/A | 8.2 HIGH |
|
A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session.
|
|||||
| CVE-2023-30538 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users’ browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed versions of Discourse. Users are advised to upgrade. For users unable to upgrade there are two possible workarounds: enable CDN handing of uploads (and ensure the CDN sanitizes SVG files) or disable SVG file uploads by ensuring t ...
Show More |
|||||
| CVE-2023-30500 | 1 Wpforms | 2 Contact Form, Wpforms | 2024-11-21 | N/A | 5.8 MEDIUM |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPForms WPForms Lite (wpforms-lite), WPForms WPForms Pro (wpforms) plugins <= 1.8.1.2 versions.
|
|||||
| CVE-2023-30499 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.32.7212 versions.
|
|||||
| CVE-2023-30498 | 1 Codeflavors | 1 Vimeotheque | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeFlavors Vimeotheque: Vimeo WordPress Plugin <= 2.2.1 versions.
|
|||||
| CVE-2023-30497 | 1 Simonchuang | 1 Wp Line Notify | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Simon Chuang WP LINE Notify plugin <= 1.4.4 versions.
|
|||||
| CVE-2023-30496 | 1 Mage-people | 1 Bus Ticket Booking With Seat Reservation | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MagePeople Team WpBusTicketly plugin <= 5.2.5 versions.
|
|||||
| CVE-2023-30494 | 1 Imagerecycle | 1 Imagerecycle Pdf \& Image Compression | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin <= 3.1.10 versions.
|
|||||
| CVE-2023-30493 | 1 Themefic | 1 Ultimate Addons For Contact Form 7 | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.2.0 versions.
|
|||||
| CVE-2023-30492 | 1 Varktech | 1 Minimum Purchase For Woocommerce | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vark Minimum Purchase for WooCommerce plugin <= 2.0.0.1 versions.
|
|||||
| CVE-2023-30491 | 1 Codebard | 1 Codebard\'s Patron Button And Widgets For Patreon | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.8 versions.
|
|||||
| CVE-2023-30489 | 1 I13websolution | 1 Email Subscription Popup | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Email Subscription Popup plugin <= 1.2.16 versions.
|
|||||
| CVE-2023-30487 | 1 Thimpress | 1 Learnpress | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThimPress LearnPress Export Import plugin <= 4.0.2 versions.
|
|||||
| CVE-2023-30485 | 1 Solwininfotech | 1 Avartan-slider-lite | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Solwin Infotech Responsive WordPress Slider – Avartan Slider Lite plugin <= 1.5.3 versions.
|
|||||
| CVE-2023-30483 | 1 Kibokolabs | 1 Watu Quiz | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.9.2 versions.
|
|||||
| CVE-2023-30482 | 1 Villatheme | 1 Wpbulky | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in VillaTheme WPBulky plugin <= 1.0.10 versions.
|
|||||
| CVE-2023-30481 | 1 Profosbox | 1 Agp Font Awesome Collection | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <= 3.2.4 versions.
|
|||||
| CVE-2023-30477 | 1 Essitco | 1 Affiliate Solution | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Essitco AFFILIATE Solution plugin <= 1.0 versions.
|
|||||
| CVE-2023-30475 | 1 Couponaffiliates | 1 Woocommerce Affiliate | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates plugin <= 5.4.5 versions.
|
|||||
| CVE-2023-30473 | 1 Icopydoc | 1 Yml For Yandex Market | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Glazunov YML for Yandex Market plugin <= 3.10.7 versions.
|
|||||
| CVE-2023-30472 | 1 Mythemeshop | 1 Url Shortener | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MyThemeShop URL Shortener by MyThemeShop plugin <= 1.0.17 versions.
|
|||||
| CVE-2023-30471 | 1 Cornelraiu | 1 Wp Search Analytics | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cornel Raiu WP Search Analytics plugin <= 1.4.7 versions.
|
|||||
| CVE-2023-30469 | 2 Hitachi, Linux | 2 Ops Center Analyzer, Linux Kernel | 2024-11-21 | N/A | 7.6 HIGH |
|
Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS.This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00.
|
|||||
| CVE-2023-30436 | 1 Ibm | 1 Security Guardium | 2024-11-21 | N/A | 5.5 MEDIUM |
|
IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252292.
|
|||||
| CVE-2023-30435 | 1 Ibm | 1 Security Guardium | 2024-11-21 | N/A | 8.9 HIGH |
|
IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252291.
|
|||||
| CVE-2023-30347 | 1 Stl | 1 Neox Dial Centre | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in Neox Contact Center 2.3.9, via the serach_sms_api_name parameter to the SMA API search.
|
|||||
| CVE-2023-30326 | 1 Chatengine Project | 1 Chatengine | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in username field in /WebContent/WEB-INF/lib/chatbox.jsp in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
|
|||||
| CVE-2023-30322 | 1 Chatengine Project | 1 Chatengine | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to execute arbitrary code.
|
|||||
| CVE-2023-30321 | 1 Chatengine Project | 1 Chatengine | 2024-11-21 | N/A | 9.0 CRITICAL |
|
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
|
|||||
| CVE-2023-30320 | 1 Chatengine Project | 1 Chatengine | 2024-11-21 | N/A | 9.0 CRITICAL |
|
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
|
|||||
| CVE-2023-30319 | 1 Chatengine Project | 1 Chatengine | 2024-11-21 | N/A | 9.6 CRITICAL |
|
Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
|
|||||
| CVE-2023-30148 | 1 Opart | 1 Multi Html Block | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the body_text or body_text_rude field in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php.
|
|||||
| CVE-2023-2999 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.
|
|||||