Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25964 | 1 Designextreme | 1 We're Open! | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah Hearle, Design Extreme We’re Open! plugin <= 1.46 versions.
|
|||||
| CVE-2023-25963 | 1 Joomsky | 1 Js Job Manager | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions.
|
|||||
| CVE-2023-25962 | 1 Oxilab | 1 Accordions | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari Accordion – Multiple Accordion or FAQs Builder plugin <= 2.3.0 versions.
|
|||||
| CVE-2023-25961 | 1 Catchthemes | 1 Darcie | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Themes Darcie theme <= 1.1.5 versions.
|
|||||
| CVE-2023-25958 | 1 Simple Tooltips Project | 1 Simple Tooltips | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Justin Saad Simple Tooltips plugin <= 2.1.4 versions.
|
|||||
| CVE-2023-25929 | 1 Ibm | 1 Cognos Analytics | 2024-11-21 | N/A | 4.6 MEDIUM |
|
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861.
|
|||||
| CVE-2023-25928 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 4.6 MEDIUM |
|
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247646.
|
|||||
| CVE-2023-25833 | 1 Esri | 1 Portal For Arcgis | 2024-11-21 | N/A | 5.4 MEDIUM |
|
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered).
|
|||||
| CVE-2023-25827 | 1 Opentsdb | 1 Opentsdb | 2024-11-21 | N/A | 8.2 HIGH |
|
Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a reflected XSS vulnerability with the suggestion endpoint.
|
|||||
| CVE-2023-25825 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A | 7.7 HIGH |
|
ZoneMinder is a free, open source closed-circuit television software application for Linux which supports IP, USB and analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries containing a malicious referrer field can be injected into the database logs. This field is unescaped when viewing the logs in the web UI. This issue is patched in version 1.36.33.
|
|||||
| CVE-2023-25811 | 1 Uptime-kuma Project | 1 Uptime-kuma | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma `name` parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2023-25810 | 1 Uptime-kuma Project | 1 Uptime-kuma | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2023-25807 | 1 Dataease | 1 Dataease | 2024-11-21 | N/A | 7.2 HIGH |
|
DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform, the saved data can be modified to store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses the dashboard. The vulnerability has been fixed in version 1.18.3.
|
|||||
| CVE-2023-25798 | 1 Olevmedia | 1 Olevmedia Shortcodes | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Olevmedia Olevmedia Shortcodes plugin <= 1.1.9 versions.
|
|||||
| CVE-2023-25796 | 1 Wp Baidu Submit Project | 1 Wp Baidu Submit | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Include WP BaiDu Submit plugin <= 1.2.1 versions.
|
|||||
| CVE-2023-25795 | 1 Wp-master | 1 Feed Changer & Remover | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-master.Ir Feed Changer & Remover plugin <= 0.2 versions.
|
|||||
| CVE-2023-25794 | 1 Nooz Project | 1 Nooz | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mighty Digital Nooz plugin <= 1.6.0 versions.
|
|||||
| CVE-2023-25793 | 1 Link Juice Keeper Project | 1 Link Juice Keeper | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in George Pattihis Link Juice Keeper plugin <= 2.0.2 versions.
|
|||||
| CVE-2023-25792 | 1 Wp Open Social Project | 1 Wp Open Social | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XiaoMac WP Open Social plugin <= 5.0 versions.
|
|||||
| CVE-2023-25790 | | | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart allows Cross-Site Scripting (XSS). This issue affects WoodMart: from n/a through 7.0.4.
|
|||||
| CVE-2023-25789 | 1 Tapfiliate | 1 Tapfiliate | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapfiliate plugin <= 3.0.12 versions.
|
|||||
| CVE-2023-25787 | 1 Wp Resource Download Management Project | 1 Wp Resource Download Management | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbolt team WP资源下载管理 plugin <= 1.3.9 versions.
|
|||||
| CVE-2023-25786 | 1 Eyes Only User Access Shortcode Project | 1 Eyes Only User Access Shortcode | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin <= 1.8.2 versions.
|
|||||
| CVE-2023-25784 | 1 Sticky Ad Bar Project | 1 Sticky Ad Bar | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bon Plan Gratos Sticky Ad Bar plugin <= 1.3.1 versions.
|
|||||
| CVE-2023-25783 | 1 Firecask Like & Share Button Project | 1 Firecask Like & Share Button | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss FireCask Like & Share Button plugin <= 1.1.5 versions.
|
|||||
| CVE-2023-25782 | 1 Plustime | 1 Service Area Postcode Checker | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) vulnerability in Second2none Service Area Postcode Checker plugin <= 2.0.8 versions.
|
|||||
| CVE-2023-25781 | 1 Upload File Type Settings Plugin Project | 1 Upload File Type Settings Plugin | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin <= 1.1 versions.
|
|||||
| CVE-2023-25716 | 1 Announce From The Dashboard Project | 1 Announce From The Dashboard | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu6bsiz Announce from the Dashboard plugin <= 1.5.1 versions.
|
|||||
| CVE-2023-25713 | 1 Fullworksplugins | 1 Quick Paypal Payments | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
|
|||||
| CVE-2023-25712 | 1 Wp-buddy | 1 Google Analytics Opt-out | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-Buddy Google Analytics Opt-Out plugin <= 2.3.4 versions.
|
|||||
| CVE-2023-25711 | 1 Wpglobus | 1 Wpglobus Translate Options | 2024-11-21 | N/A | 5.8 MEDIUM |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGlobus WPGlobus Translate Options plugin <= 2.1.0 versions.
|
|||||
| CVE-2023-25710 | 1 Digitalblue | 1 Click To Call Or Chat Buttons | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DIGITALBLUE Click to Call or Chat Buttons plugin <= 1.4.0 versions.
|
|||||
| CVE-2023-25705 | 1 Goprayer | 1 Wp Prayer | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Go Prayer WP Prayer plugin <= 1.9.6 versions.
|
|||||
| CVE-2023-25704 | 1 Wpmart | 1 Interactive Svg Image Map Builder | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin <= 1.0 versions.
|
|||||
| CVE-2023-25702 | 1 Fullworksplugins | 1 Quick Paypal Payments | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
|
|||||
| CVE-2023-25614 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | N/A | 6.1 MEDIUM |
|
SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful exploitation it can gain access to the sensitive information which leads to a limited impact on the confidentiality and the integrity of the application.
|
|||||
| CVE-2023-25572 | 1 Marmelab | 2 Ra-ui-materialui, React-admin | 2024-11-21 | N/A | 5.4 MEDIUM |
|
react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and using the `<RichTextField>` are affected. `<RichTextField>` outputs the field value using `dangerouslySetInnerHTML` without client-side sanitization. If the data isn't sanitized server-side, this opens a po ...
|
|||||
| CVE-2023-25571 | 1 Linuxfoundation | 3 Backstage Catalog-model, Backstage Core-components, Backstage Plugin-catalog-backend | 2024-11-21 | N/A | 6.8 MEDIUM |
|
Backstage is an open platform for building developer portals. `@backstage/catalog-model` prior to version 1.2.0, `@backstage/core-components` prior to 0.12.4, and `@backstage/plugin-catalog-backend` prior to 1.7.2 are affected by a cross-site scripting vulnerability. This vulnerability allows a malicious actor with access to add or modify content in an instance of the Backstage software catalog to inject script URLs in the entities stored in the catalog. If users of the catalog then click on sai ...
|
|||||
| CVE-2023-25553 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
|
|||||
| CVE-2023-25551 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
|
|||||