Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28849 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 10.0 CRITICAL |
|
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to perform XSS attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.7 contains a patch for this issue. As a workaround, disable native inventory.
|
|||||
| CVE-2023-28836 | 1 Torchbox | 1 Wagtail | 2024-11-21 | N/A | 6.4 MEDIUM |
|
Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable ...
Show More |
|||||
| CVE-2023-28819 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | N/A | 3.5 LOW |
|
Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names.
|
|||||
| CVE-2023-28800 | 1 Zscaler | 1 Client Connector | 2024-11-21 | N/A | 8.1 HIGH |
|
When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.
|
|||||
| CVE-2023-28792 | 1 I13websolution | 1 Continuous Image Carosel With Lightbox | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions.
|
|||||
| CVE-2023-28790 | 1 Simple Staff List Project | 1 Simple Staff List | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.3 versions.
|
|||||
| CVE-2023-28789 | 1 Cimatti | 1 Wordpress Contact Forms | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.
|
|||||
| CVE-2023-28785 | 1 Yoast | 1 Yoast Seo | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.9 versions.
|
|||||
| CVE-2023-28784 | 1 Contest-gallery | 1 Contest Gallery | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 21.1.2 versions.
|
|||||
| CVE-2023-28783 | 1 Phpradar | 1 Woocommerce Tip\/donation | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (shop manager+) Stored Cross-Site Scripting (XSS) vulnerability in PHPRADAR Woocommerce Tip/Donation plugin <= 1.2 versions.
|
|||||
| CVE-2023-28781 | 1 Cimatti | 1 Wordpress Contact Forms | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.
|
|||||
| CVE-2023-28779 | 1 Simplecoding | 1 Terms Descriptions | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir Statsenko Terms descriptions plugin <= 3.4.4 versions.
|
|||||
| CVE-2023-28778 | 1 Bestwebsoft | 1 Pagination | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Pagination plugin <= 1.2.2 versions.
|
|||||
| CVE-2023-28776 | 1 I13websolution | 1 Continuous Image Carousel With Lightbox | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions.
|
|||||
| CVE-2023-28774 | 1 Grade | 1 Review Stream | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grade Us, Inc. Review Stream plugin <= 1.6.5 versions.
|
|||||
| CVE-2023-28773 | 1 Kolja-nolte | 1 Secondary Title | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kolja Nolte Secondary Title plugin <= 2.0.9.1 versions.
|
|||||
| CVE-2023-28751 | 1 Wpmet | 1 Wp Ultimate Review | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions.
|
|||||
| CVE-2023-28750 | 1 Albo Pretorio On Line Project | 1 Albo Pretorio On Line | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6 versions.
|
|||||
| CVE-2023-28733 | 1 Acymailing | 1 Acymailing | 2024-11-21 | N/A | 7.2 HIGH |
|
AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office.
This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.
|
|||||
| CVE-2023-28705 | 1 Openfind | 1 Mail2000 | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. When users access the system and open the email, it triggers an XSS (Reflected Cross-site scripting) attack.
|
|||||
| CVE-2023-28695 | 1 Vigilantor Project | 1 Vigilantor | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Drew Phillips VigilanTor plugin <= 1.3.10 versions.
|
|||||
| CVE-2023-28693 | 1 Balasahebbhise | 1 Advanced Youtube Channel Pagination | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Balasaheb Bhise Advanced Youtube Channel Pagination plugin <= 1.0 version.
|
|||||
| CVE-2023-28692 | 1 Kevonadonis | 1 Wp Abstracts | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.3 versions.
|
|||||
| CVE-2023-28690 | 1 Marcosteinbrecher | 1 Wp Browserupdate | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Steinbrecher WP BrowserUpdate plugin <= 4.5 versions.
|
|||||
| CVE-2023-28687 | 2024-11-21 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magazine allows Reflected XSS.This issue affects Glaze Blog Lite: from n/a through <= 1.1.4; Fascinate: from n/a through 1.0.8; Cream Blog: from n/a through 2.1.3; Cream Magazine: from n/a through 2.1.4.
|
|||||
| CVE-2023-28648 | 1 Propumpservice | 2 Osprey Pump Controller, Osprey Pump Controller Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.
|
|||||
| CVE-2023-28639 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 6.1 MEDIUM |
|
GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link can be crafted by an unauthenticated user. It will be able to exploit a reflected XSS in case any authenticated user opens the crafted link. This issue is fixed in versions 9.5.13 and 10.0.7.
|
|||||
| CVE-2023-28636 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 4.5 MEDIUM |
|
GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7.
|
|||||
| CVE-2023-28629 | 1 Thoughtworks | 1 Gocd | 2024-11-21 | N/A | 5.4 MEDIUM |
|
GoCD is an open source continuous delivery server. GoCD versions before 23.1.0 are vulnerable to a stored XSS vulnerability, where pipeline configuration with a malicious pipeline label configuration can affect browser display of pipeline runs generated from that configuration. An attacker that has permissions to configure GoCD pipelines could include JavaScript elements within the label template, causing a XSS vulnerability to be triggered for any users viewing the Value Stream Map or Job Detai ...
Show More |
|||||
| CVE-2023-28622 | 1 Tridenttechnolabs | 1 Easy Slider Revolution | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Trident Technolabs Easy Slider Revolution plugin <= 1.0.0 versions.
|
|||||
| CVE-2023-28621 | 1 Wishfulthemes | 2 Raise Mag, Wishful Blog | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wishfulthemes Raise Mag, Wishfulthemes Wishful Blog themes allows Reflected XSS.This issue affects Raise Mag: from n/a through 1.0.7; Wishful Blog: from n/a through 2.0.1.
|
|||||
| CVE-2023-28620 | 1 Cyberuslabs | 1 Cyberus Key | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cyberus Labs Cyberus Key plugin <= 1.0 versions.
|
|||||
| CVE-2023-28604 | 1 Sitegeist | 1 Fluid Components | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The fluid_components (aka Fluid Components) extension before 3.5.0 for TYPO3 allows XSS via a component argument parameter, for certain {content} use cases that may be edge cases.
|
|||||
| CVE-2023-28599 | 1 Zoom | 1 Zoom | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation.
|
|||||
| CVE-2023-28598 | 1 Zoom | 1 Zoom | 2024-11-21 | N/A | 7.5 HIGH |
|
Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash.
|
|||||
| CVE-2023-28535 | 1 Commoninja | 1 Paytm Payment Donation | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paytm Paytm Payment Donation plugin <= 2.2.0 versions.
|
|||||
| CVE-2023-28534 | 1 Wpjobportal | 1 Wp Job Portal | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board plugin <= 2.0.0 versions.
|
|||||
| CVE-2023-28533 | 1 Nimbus | 1 Cab Grid | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in M Williams Cab Grid plugin <= 1.5.15 versions.
|
|||||
| CVE-2023-28530 | 1 Ibm | 1 Cognos Analytics | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 251214.
|
|||||
| CVE-2023-28529 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251213.
|
|||||