Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23995 | 1 Tinymce Custom Styles Project | 1 Tinymce Custom Styles | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin <= 1.1.2 versions.
|
|||||
| CVE-2023-23994 | 1 Auto Hide Admin Bar Project | 1 Auto Hide Admin Bar | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcel Bootsman Auto Hide Admin Bar plugin <= 1.6.1 versions.
|
|||||
| CVE-2023-23987 | 1 Wpeverest | 1 User Registration | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEverest User Registration plugin <= 2.3.0 versions.
|
|||||
| CVE-2023-23982 | 1 Wpfrom Email Project | 1 Wpfrom Email | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGear.Pro WPFrom Email plugin <= 1.8.8 versions.
|
|||||
| CVE-2023-23981 | 1 Quantumcloud | 1 Conversational Forms For Chatbot | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud Conversational Forms for ChatBot plugin <= 1.1.6 versions.
|
|||||
| CVE-2023-23980 | 1 Mailoptin | 1 Mailoptin | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MailOptin Popup Builder Team MailOptin plugin <= 1.2.54.0 versions.
|
|||||
| CVE-2023-23979 | 1 Fullworksplugins | 1 Quick Event Manager | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 versions.
|
|||||
| CVE-2023-23977 | 1 Heateor | 1 Social Comments | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments plugin <= 1.6.1 versions.
|
|||||
| CVE-2023-23972 | 1 Wpdevart | 1 Social Like Box And Page | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin <= 0.8.39 versions.
|
|||||
| CVE-2023-23971 | 1 Codepeople | 1 Wp Time Slots Booking Form | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodePeople WP Time Slots Booking Form plugin <= 1.1.81 versions.
|
|||||
| CVE-2023-23942 | 1 Nextcloud | 1 Desktop | 2024-11-21 | N/A | 5.4 MEDIUM |
|
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as `strong`, `em` and `head` lines in the UI of the desktop client. The lack of sanitisation may allow for javascript injection. It is recommended that the Nextcloud Desktop Client is upgraded to 3.6.3. There are no known workarounds for this issue.
|
|||||
| CVE-2023-23938 | 1 Enalean | 1 Tuleap | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Tuleap is a Free & Source tool for end to end traceability of application and system developments. Affected versions are subject to a cross site scripting attack which can be injected in the name of a color of select box values of a tracker and then reflected in the tracker administration. Administrative privilege is required, but an attacker with tracker administration rights could use this vulnerability to force a victim to execute uncontrolled code in the context of their browser. This issue ...
Show More |
|||||
| CVE-2023-23927 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.
|
|||||
| CVE-2023-23922 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.
|
|||||
| CVE-2023-23921 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.
|
|||||
| CVE-2023-23900 | 1 Yikesinc | 1 Easy Forms For Mailchimp | 2024-11-21 | N/A | 5.8 MEDIUM |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <= 6.8.8 versions.
|
|||||
| CVE-2023-23898 | 1 Creativethemes | 1 Blocksy Companion | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeThemes Blocksy Companion plugin <= 1.8.67 versions.
|
|||||
| CVE-2023-23894 | 1 Surbma | 1 Gdpr Proof Cookie Consent \& Notice Bar | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Surbma Surbma | GDPR Proof Cookie Consent & Notice Bar plugin <= 17.5.3 versions.
|
|||||
| CVE-2023-23892 | 1 M Chart Project | 1 M Chart | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jamie Poitra M Chart plugin <= 1.9.4 versions.
|
|||||
| CVE-2023-23891 | 1 Oceanwp | 1 Ocean Extra | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin <= 2.1.1 versions. Needs the OceanWP theme installed and activated.
|
|||||
| CVE-2023-23889 | 1 Fullworksplugins | 1 Quick Paypal Payments | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
|
|||||
| CVE-2023-23885 | 1 Fullworksplugins | 1 Quick Contact Form | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions.
|
|||||
| CVE-2023-23884 | 1 Kanbanwp | 1 Kanban Boards For Wordpress | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <= 2.5.20 versions.
|
|||||
| CVE-2023-23883 | 1 Wp Content Filter - Censor All Offensive Content From Your Site Project | 1 Wp Content Filter - Censor All Offensive Content From Your Site | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Gwyer WP Content Filter plugin <= 3.0.1 versions.
|
|||||
| CVE-2023-23881 | 1 Greentreelabs | 1 Circles Gallery | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GreenTreeLabs Circles Gallery plugin <= 1.0.10 versions.
|
|||||
| CVE-2023-23880 | 1 Monsterinsights | 1 Exactmetrics | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExactMetrics plugin <= 7.14.1 versions.
|
|||||
| CVE-2023-23877 | 1 Bkmacdaddy | 1 Pinterest Rss Widget | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in bkmacdaddy designs Pinterest RSS Widget plugin <= 2.3.1 versions.
|
|||||
| CVE-2023-23876 | 1 Tms-outsource | 1 Wpdatatables | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin <= 2.1.49 versions.
|
|||||
| CVE-2023-23875 | 1 Bing Site Verification Plugin Using Meta Tag Project | 1 Bing Site Verification Plugin Using Meta Tag | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin <= 1.0 versions.
|
|||||
| CVE-2023-23874 | 1 Metaphorcreations | 1 Ditty | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Metaphor Creations Ditty plugin <= 3.0.32 versions.
|
|||||
| CVE-2023-23873 | 1 Bbspoiler Project | 1 Bbspoiler | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flector BBSpoiler plugin <= 2.01 versions.
|
|||||
| CVE-2023-23871 | 1 Webdzier | 1 Button | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin <= 1.1.23 versions.
|
|||||
| CVE-2023-23870 | 1 Wpdevart | 1 Responsive Vertical Icon Menu | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 versions.
|
|||||
| CVE-2023-23867 | 1 Buttons X Project | 1 Buttons X | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gautam Thapar Button Builder – Buttons X plugin <= 0.8.6 versions.
|
|||||
| CVE-2023-23866 | 1 Interactive Geo Maps Project | 1 Interactive Geo Maps | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Carlos Moreira Interactive Geo Maps plugin <= 1.5.8 versions.
|
|||||
| CVE-2023-23864 | 1 Very Simple Google Maps Project | 1 Very Simple Google Maps | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Michael Aronoff Very Simple Google Maps plugin <= 2.8.4 versions.
|
|||||
| CVE-2023-23863 | 1 Blackandwhitedigital | 1 Treepress | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions.
|
|||||
| CVE-2023-23862 | 1 Vertical Scroll Recent Post Project | 1 Vertical Scroll Recent Post | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical scroll recent post plugin <= 14.0 versions.
|
|||||
| CVE-2023-23859 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | N/A | 6.1 MEDIUM |
|
SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information.
|
|||||
| CVE-2023-23858 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted URL to a user, and by clicking the URL, the tricked user accesses SAP and might be directed with the response to somewhere out-side SAP and enter sensitive data. This could cause a limited impact on confidentiality and integrity of the application.
|
|||||