Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29188 | 1 Sap | 3 Customer Relationship Management Webclient Ui, S4fnd, Sapscore | 2024-11-21 | N/A | 5.4 MEDIUM |
|
SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.
|
|||||
| CVE-2023-29183 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | N/A | 8.0 HIGH |
|
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting.
|
|||||
| CVE-2023-29172 | 1 Wp-property-hive | 1 Propertyhive | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.46 versions.
|
|||||
| CVE-2023-29171 | 1 Magic-post-thumbnail | 1 Magic Post Thumbnail | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-site Scripting (XSS) vulnerability in Magic Post Thumbnail plugin <= 4.1.10 versions.
|
|||||
| CVE-2023-29170 | 1 Piwebsolution | 1 Product Enquiry For Woocommerce | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product Enquiry for WooCommerce, WooCommerce product catalog plugin <= 2.2.12 versions.
|
|||||
| CVE-2023-29112 | 1 Sap | 1 Application Interface | 2024-11-21 | N/A | 3.7 LOW |
|
The SAP Application Interface (Message Monitoring) - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application.
|
|||||
| CVE-2023-29110 | 1 Sap | 4 Abap Platform, Application Interface Framework, Basis and 1 more | 2024-11-21 | N/A | 3.7 LOW |
|
The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage of HTML tags. An authorized attacker can use some of the basic HTML codes such as heading, basic formatting and lists, then an attacker can inject images from the foreign domains. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application.
|
|||||
| CVE-2023-29101 | 1 Muffingroup | 1 Betheme | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Muffingroup Betheme theme <= 26.7.5 versions.
|
|||||
| CVE-2023-29100 | 1 Dream-theme | 1 The7 | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Theme The7 plugin <= 11.6.0 versions.
|
|||||
| CVE-2023-29098 | 1 Artistscope | 1 Copysafe Web Protection | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistScope CopySafe Web Protection plugin <= 3.13 versions.
|
|||||
| CVE-2023-29097 | 1 A3rev | 1 A3 Portfolio | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in a3rev Software a3 Portfolio plugin <= 3.1.0 versions.
|
|||||
| CVE-2023-29094 | 1 Piwebsolution | 1 Product Page Shipping Calculator For Woocommerce | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.20 versions.
|
|||||
| CVE-2023-29093 | 1 Piwebsolution | 1 Conditional Cart Fee / Extra Charge Rule For Woocommerce Extra Fees | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PI Websolution Conditional cart fee plugin <= 1.0.96 versions.
|
|||||
| CVE-2023-29049 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | N/A | 5.4 MEDIUM |
|
The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain. User input for this widget is now sanitized to avoid malicious content being processed. No publicly available exploits are known.
|
|||||
| CVE-2023-29045 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get checked for validity to avoid code execution. No publicly available exploits are known.
|
|||||
| CVE-2023-29044 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get escaped to avoid code execution. No publicly available exploits are known.
|
|||||
| CVE-2023-29043 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain actions, like copying content. The relevant attribute does now get encoded to avoid the possibility of executing script code. No publicly available exploits are known.
|
|||||
| CVE-2023-29031 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2024-11-21 | N/A | 7.0 HIGH |
|
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.
|
|||||
| CVE-2023-29030 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2024-11-21 | N/A | 7.0 HIGH |
|
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.
|
|||||
| CVE-2023-29025 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2024-11-21 | N/A | 4.7 MEDIUM |
|
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
|
|||||
| CVE-2023-29024 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.
|
|||||
| CVE-2023-29023 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2024-11-21 | N/A | 7.0 HIGH |
|
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.
|
|||||
| CVE-2023-29016 | 1 Intranda | 1 Goobi Viewer Core | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when using nicknames. An attacker could create a user account and enter malicious scripts into their profile's nickname, resulting in the execution in the user's browser when displaying the nickname on certain pages. The vulnerability has been fixed in version 23.03.
|
|||||
| CVE-2023-29015 | 1 Intranda | 1 Goobi Viewer Core | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user's browser when displaying the comment. The vulnerability has been fixed in version 23.03.
|
|||||
| CVE-2023-29014 | 1 Intranda | 1 Goobi Viewer Core | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A reflected cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when evaluating the LOGID parameter. An attacker could trick a user into following a specially crafted link to a Goobi viewer installation, resulting in the execution of malicious script code in the user's browser. The vulnerability has been fixed in version 23.03.
|
|||||
| CVE-2023-29009 | 1 Basercms | 1 Basercms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is an XSS vulnerability in the Favorites feature of baserCMS. This issue has been patched in version 4.8.0.
|
|||||
| CVE-2023-28994 | 1 Uxthemes | 1 Flatsome | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in UX-themes Flatsome plugin <= 3.16.8 versions.
|
|||||
| CVE-2023-28993 | 1 Albo Pretorio On Line Project | 1 Albo Pretorio On Line | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On Line plugin <= 4.6.1 versions.
|
|||||
| CVE-2023-28992 | 1 Relywp | 1 Coupon Affiliates | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP Coupon Affiliates – WooCommerce Affiliate Plugin plugin <= 5.4.3 versions.
|
|||||
| CVE-2023-28991 | 1 Piwebsolution | 1 Pi-woocommerce-order-date-time-and-type | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce plugin <= 3.0.19 versions.
|
|||||
| CVE-2023-28988 | 1 Piwebsolution | 1 Add-to-cart-direct-checkout-for-woocommerce | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Direct checkout, Add to cart redirect, Quick purchase button, Buy now button, Quick View button for WooCommerce plugin <= 2.1.48 versions.
|
|||||
| CVE-2023-28934 | 1 Paymentsplugin | 1 Wp Full Stripe Free | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology WP Full Stripe Free plugin <= 1.6.1 versions.
|
|||||
| CVE-2023-28933 | 1 Stpetedesign | 1 Call Now Accessibility Button | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StPeteDesign Call Now Accessibility Button plugin <= 1.1 versions.
|
|||||
| CVE-2023-28931 | 1 Never5 | 1 Post Connector | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Never5 Post Connector plugin <= 1.0.9 versions.
|
|||||
| CVE-2023-28884 | 1 Misp-project | 1 Malware Information Sharing Platform | 2024-11-21 | N/A | 6.1 MEDIUM |
|
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
|
|||||
| CVE-2023-28875 | 1 Afian | 1 Filerun | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link.
|
|||||
| CVE-2023-28873 | 1 Seafile | 1 Seafile | 2024-11-21 | N/A | 5.4 MEDIUM |
|
An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor.
|
|||||
| CVE-2023-28852 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 4.8 MEDIUM |
|
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versions 9.5.13 and 10.0.7 contain a patch for this issue.
|
|||||
| CVE-2023-28851 | 1 Bigfork | 1 Silverstripe Form Capture | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a Cross-Site Scripting attack. The vulnerability was initially patched in version 1.0.2, and version 1.1.0 includes this patch. The bug was then accidentally re-introduced during a merge error, and has been re-pa ...
|
|||||
| CVE-2023-28850 | 1 Pimcore | 1 Perspective Editor | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Pimcore Perspective Editor provides an editor for Pimcore that allows users to add/remove/edit custom views and perspectives. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Version 1.5.1 has a patch. As a workaround, one may apply the patch manually.
|
|||||