Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27629 | 1 Geminilabs | 1 Site Reviews | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions.
|
|||||
| CVE-2023-27628 | 1 Sitekit Project | 1 Sitekit | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Webvitaly Sitekit plugin <= 1.3 versions.
|
|||||
| CVE-2023-27627 | 1 Eggemplo | 1 Woocommerce Email Report | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in eggemplo Woocommerce Email Report plugin <= 2.4 versions.
|
|||||
| CVE-2023-27624 | 1 Redirect After Login Project | 1 Redirect After Login | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcelotorres Redirect After Login plugin <= 0.1.9 versions.
|
|||||
| CVE-2023-27622 | 1 Guruwalk | 1 Guruwalk Affiliates | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel Ruiz GuruWalk Affiliates plugin <= 1.0.0 versions.
|
|||||
| CVE-2023-27621 | 1 Mrdemonwolf | 1 Livestream Notice | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MrDemonWolf Livestream Notice plugin <= 1.2.0 versions.
|
|||||
| CVE-2023-27620 | 1 Robogallery | 1 Robo Gallery | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.12 versions.
|
|||||
| CVE-2023-27619 | 1 Machothemes | 1 Regina Lite | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes Regina Lite theme <= 2.0.7 versions.
|
|||||
| CVE-2023-27618 | 1 Agilelogix | 1 Store Locator | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin <= 1.4.9 versions.
|
|||||
| CVE-2023-27617 | 1 Carrcommunications | 1 Rsvpmaker | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions.
|
|||||
| CVE-2023-27616 | 1 Carrcommunications | 1 Rsvpmaker | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions.
|
|||||
| CVE-2023-27614 | 1 Motor Racing League Project | 1 Motor Racing League | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian Haycox Motor Racing League plugin <= 1.9.9 versions.
|
|||||
| CVE-2023-27613 | 1 Monitorclick | 1 Forms Ada | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorClick Forms Ada – Form Builder plugin <= 1.0 versions.
|
|||||
| CVE-2023-27612 | 1 Geminilabs | 1 Site Reviews | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions.
|
|||||
| CVE-2023-27592 | 1 Miniflux Project | 1 Miniflux | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors.
When an outbound request made by the Go HTTP client fails, the `html.ServerError` is returned unescaped without the expected Content Security Policy header added to valid responses.
By creating an RSS feed item with the inline description containing an `<img>` tag with a `srcset` attribute pointing to an invalid URL like `http:a<script>alert(1)</script>`, we can ...
|
|||||
| CVE-2023-27515 | 1 Intel | 1 Driver & Support Assistant | 2024-11-21 | N/A | 8.1 HIGH |
|
Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow unauthenticated user to potentially enable escalation of privilege via network access.
|
|||||
| CVE-2023-27499 | 1 Sap | 2 Netweaver, Netweaver Application Server Abap | 2024-11-21 | N/A | 6.1 MEDIUM |
|
SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure the victim to click, the script supplied by the attacker will execute in the victim user's browser. The information from the victim's web browser can either be modified or read and sent to the attacke ...
|
|||||
| CVE-2023-27494 | 1 Snowflake | 1 Streamlit | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Streamlit, software for turning data scripts into web applications, had a cross-site scripting (XSS) vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit app(s) were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to a Streamlit app. The attacker could then trick the user into visiting the malicious URL and, if successful, the server would render the malicious javascript payload as-is, leading to XSS. Version 0.8 ...
|
|||||
| CVE-2023-27489 | 1 Kiwitcms | 1 Kiwi Tcms | 2024-11-21 | N/A | 7.6 HIGH |
|
Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS accepts SVG files uploaded by users which could potentially contain JavaScript code. If SVG images are viewed directly, i.e. not rendered in an HTML page, this JavaScript code could execute. This vulnerability has been fixed by configuring Kiwi TCMS to serve with the Content-Security-Policy HTTP header which blocks inline JavaScript in all modern browsers. This configuration change is provided in ...
|
|||||
| CVE-2023-27474 | 1 Rangerstudio | 1 Directus | 2024-11-21 | N/A | 8.0 HIGH |
|
Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users URLs to the server's domain but which may contain malicious code. The problem has been resolved and released under version 9.23.0. People relying on a custom password reset URL should upgrade to 9.23.0 or later, or remove the cust ...
|
|||||
| CVE-2023-27472 | 1 Quickentity Editor Project | 1 Quickentity Editor | 2024-11-21 | N/A | 8.2 HIGH |
|
quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised (XSS vulnerability). Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag in any entity name. This issue has been patched in version 1.28.1 of the application. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2023-27455 | 1 Mauimarketing | 1 Update Image Tag Alt Attribute | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maui Marketing Update Image Tag Alt Attribute plugin <= 2.4.5 versions.
|
|||||
| CVE-2023-27452 | 1 Wow-estore | 1 Button Generator - Easily Button Builder | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.3 versions.
|
|||||
| CVE-2023-27450 | 1 Te-st | 1 Leyka | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions.
|
|||||
| CVE-2023-27443 | 1 Simple Vimeo Shortcode Project | 1 Simple Vimeo Shortcode | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Grant Kimball Simple Vimeo Shortcode plugin <= 2.9.1 versions.
|
|||||
| CVE-2023-27439 | 1 New Adman Project | 1 New Adman | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions.
|
|||||
| CVE-2023-27432 | 1 Manage Upload Limit Project | 1 Manage Upload Limit | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WpSimpleTools Manage Upload Limit plugin <= 1.0.4 versions.
|
|||||
| CVE-2023-27429 | 1 Automattic | 1 Jetpack Crm | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin <= 5.4.4 versions.
|
|||||
| CVE-2023-27427 | 1 Ntzapps | 1 Crm Memberships | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZApps CRM Memberships plugin <= 1.6 versions.
|
|||||
| CVE-2023-27426 | 1 Notifyvisitors | 1 Notifyvisitors | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Notifyvisitors NotifyVisitors plugin <= 1.0 versions.
|
|||||
| CVE-2023-27425 | 1 Electric Studio Client Login Project | 1 Electric Studio Client Login | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in James Irving-Swift Electric Studio Client Login plugin <= 0.8.1 versions.
|
|||||
| CVE-2023-27422 | 1 Nsthemes | 1 Ns Coupon To Become Customer | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes NS Coupon To Become Customer plugin <= 1.2.2 versions.
|
|||||
| CVE-2023-27421 | 1 Everestthemes | 1 Everest News | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Everest News theme <= 1.1.0 versions.
|
|||||
| CVE-2023-27420 | 1 Everestthemes | 1 Arya Multipurpose | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Arya Multipurpose theme <= 1.0.5 versions.
|
|||||
| CVE-2023-27419 | 1 Everestthemes | 1 Viable Blog | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Viable Blog theme <= 1.1.4 versions.
|
|||||
| CVE-2023-27416 | 1 Decondigital | 1 Decon Wp Sms | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Decon Digital Decon WP SMS plugin <= 1.1 versions.
|
|||||
| CVE-2023-27415 | 1 Themeqx | 1 Letterpress | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themeqx LetterPress plugin <= 1.1.2 versions.
|
|||||
| CVE-2023-27414 | 1 Ays-pro | 1 Popup Box | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions.
|
|||||
| CVE-2023-27413 | 1 W4 Post List Project | 1 W4 Post List | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin <= 2.4.4 versions.
|
|||||
| CVE-2023-27412 | 1 Everestthemes | 1 Mocho Blog | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Mocho Blog theme <= 1.0.4 versions.
|
|||||