Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-28525 | 1 Ibm | 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Web Access | 2024-11-21 | N/A | 4.8 MEDIUM | IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251052. |
| CVE-2023-28520 | 1 Ibm | 1 Planning Analytics Local | 2024-11-21 | N/A | 6.4 MEDIUM | IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454. |
| CVE-2023-28499 | 1 Simonpedge | 1 Slide Anything-responsive Content/html Slider And Carousel | 2024-11-21 | N/A | 5.4 MEDIUM | Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in simonpedge Slide Anything – Responsive Content / HTML Slider and Carousel plugin <= 2.4.9 versions. |
| CVE-2023-28496 | 1 Smtp2go | 1 Smtp2go | 2024-11-21 | N/A | 5.9 MEDIUM | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SMTP2GO – Email Made Easy plugin <= 1.4.2 versions. |
| CVE-2023-28493 | 1 Machothemes | 1 Newsmag | 2024-11-21 | N/A | 6.5 MEDIUM | Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes NewsMag theme <= 2.4.4 versions. |
| CVE-2023-28490 | 1 Estatik | 1 Estatik Mortgage Calculator | 2024-11-21 | N/A | 7.1 HIGH | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik Estatik Mortgage Calculator plugin <= 2.0.7 versions. |
| CVE-2023-28485 | 1 Wekan Project | 1 Wekan | 2024-11-21 | N/A | 5.4 MEDIUM | A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board (where they have BoardAdmin access), and renameAttachment does not block XSS payloads. |
| CVE-2023-28477 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | N/A | 5.5 MEDIUM | Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter. |
| CVE-2023-28476 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | N/A | 5.4 MEDIUM | Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Tags on uploaded files. |
| CVE-2023-28475 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | N/A | 6.1 MEDIUM | Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized. |
| CVE-2023-28474 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | N/A | 5.4 MEDIUM | Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search. |
| CVE-2023-28467 | 1 Mybb | 1 Mybb | 2024-11-21 | N/A | 6.1 MEDIUM | In MyBB before 1.8.34, there is XSS in the User CP module via the user email field. |
| CVE-2023-28439 | 2 Ckeditor, Fedoraproject | 2 Ckeditor, Fedora | 2024-11-21 | N/A | 4.7 MEDIUM | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages on a web page with missing proper Content Security Policy configuration; initializing the editor on an element and using an element other than `<textarea>` as a base; and destroying the editor instance. ... |
| CVE-2023-28435 | 1 Dataease | 1 Dataease | 2024-11-21 | N/A | 6.5 MEDIUM | Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface are not checked so users who are not logged in can upload directly to the background. The file type also goes unchecked, users could upload any type of file. These vulnerabilities have been fixed in version 1.18.5. |
| CVE-2023-28429 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A | 6.1 MEDIUM | Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 10.5.19 or, as a workaround, apply the patch manually. |
| CVE-2023-28423 | 1 Prismtechstudios | 1 Modern Footnotes | 2024-11-21 | N/A | 5.9 MEDIUM | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prism Tech Studios Modern Footnotes plugin <= 1.4.15 versions. |
| CVE-2023-28422 | 1 Mage-people | 1 Event Manager And Tickets Selling For Woocommerce | 2024-11-21 | N/A | 5.9 MEDIUM | Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce <= 3.8.6 versions. |
| CVE-2023-28418 | 1 Mediciti Lite Project | 1 Mediciti Lite | 2024-11-21 | N/A | 5.4 MEDIUM | Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Yudlee themes Mediciti Lite theme <= 1.3.0 versions. |
| CVE-2023-28415 | 1 Xootix | 1 Side Cart Woocommerce | 2024-11-21 | N/A | 5.9 MEDIUM | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XootiX Side Cart Woocommerce (Ajax) plugin <= 2.2 versions. |
| CVE-2023-28414 | 1 Apexchat | 1 Apexchat | 2024-11-21 | N/A | 5.9 MEDIUM | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ApexChat plugin <= 1.3.1 versions. |
| CVE-2023-28332 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 6.1 MEDIUM | If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk. |
| CVE-2023-28314 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A | 6.1 MEDIUM | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-28313 | 1 Microsoft | 1 Send Customer Voice Survey From Dynamics 365 | 2024-11-21 | N/A | 6.1 MEDIUM | Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability |
| CVE-2023-28309 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A | 7.6 HIGH | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-28174 | 1 Elightup | 1 Erocket | 2024-11-21 | N/A | 5.9 MEDIUM | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in eLightUp eRocket plugin <= 1.2.4 versions. |
| CVE-2023-28171 | 1 Wpchill | 1 Brilliance | 2024-11-21 | N/A | 5.4 MEDIUM | Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Chill Brilliance theme <= 1.3.1 versions. |
| CVE-2023-28169 | 1 Easy Event Calendar Project | 1 Easy Event Calendar | 2024-11-21 | N/A | 5.9 MEDIUM | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CoreFortress Easy Event calendar plugin <= 1.0 versions. |
| CVE-2023-28166 | 1 Tags Cloud Manager Project | 1 Tags Cloud Manager | 2024-11-21 | N/A | 7.1 HIGH | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Kadiwala Tags Cloud Manager plugin <= 1.0.0 versions. |
| CVE-2023-28106 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A | 6.1 MEDIUM | Pimcore is an open source data and experience management platform. Prior to version 10.5.19, an attacker can use cross-site scripting to send a malicious script to an unsuspecting user. Users may upgrade to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually. |
| CVE-2023-28083 | 2 Hp, Hpe | 162 Integrated Lights-out 4, Integrated Lights-out 5, Integrated Lights-out 6 and 159 more | 2024-11-21 | N/A | 8.3 HIGH | A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out. |
| CVE-2023-28025 | 1 Hcltech | 1 Bigfix Modern Client Management | 2024-11-21 | N/A | 6.6 MEDIUM | Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed and stored in the server storage. |
| CVE-2023-28017 | 1 Hcltech | 1 Connections | 2024-11-21 | N/A | 5.4 MEDIUM | HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and compromise a user's account then launch other attacks. |
| CVE-2023-28014 | 1 Hcltech | 1 Bigfix Mobile | 2024-11-21 | N/A | 6.6 MEDIUM | HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application. |
| CVE-2023-28013 | 1 Hcltech | 1 Verse | 2024-11-21 | N/A | 6.5 MEDIUM | HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. |
| CVE-2023-27922 | 1 Thenewsletterplugin | 1 Newsletter | 2024-11-21 | N/A | 6.1 MEDIUM | Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script. |
| CVE-2023-27890 | 1 Export User Project | 1 Export User | 2024-11-21 | N/A | 5.4 MEDIUM | The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| CVE-2023-27864 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | N/A | 5.4 MEDIUM | IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 249327. |
| CVE-2023-27641 | 1 Lsoft | 1 Listserv | 2024-11-21 | N/A | 6.1 MEDIUM | The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL. |
| CVE-2023-27636 | 1 Progress | 1 Sitefinity | 2024-11-21 | N/A | 5.4 MEDIUM | Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor. |
| CVE-2023-27631 | 1 Mmrs151 | 1 Daily Prayer Time | 2024-11-21 | N/A | 6.5 MEDIUM | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.05.04 versions. |