Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23467 | 1 Mediacp | 1 Media Control Panel | 2024-11-21 | N/A | 8.1 HIGH |
|
Media CP Media Control Panel latest version. Reflected XSS possible through unspecified endpoint.
|
|||||
| CVE-2023-23383 | 1 Microsoft | 1 Azure Service Fabric | 2024-11-21 | N/A | 8.2 HIGH |
|
Service Fabric Explorer Spoofing Vulnerability
|
|||||
| CVE-2023-23372 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QTS 4.5.4.2467 build 20230718 and later
QuTS hero h5.1.0.2424 build 20230609 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h4.5.4. ...
|
|||||
| CVE-2023-23208 | 3 Genesys, Linux, Microsoft | 3 Administrator Extension, Linux Kernel, Windows | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261.
|
|||||
| CVE-2023-23161 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar.
|
|||||
| CVE-2023-23158 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter on the enquiry page.
|
|||||
| CVE-2023-23157 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullname parameter on the enquiry page.
|
|||||
| CVE-2023-22984 | 1 Axis | 2 207w, 207w Firmware | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A vulnerability was discovered in the Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL.
|
|||||
| CVE-2023-22975 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html.
|
|||||
| CVE-2023-22972 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI.
|
|||||
| CVE-2023-22933 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 8.0 HIGH |
|
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag.
|
|||||
| CVE-2023-22932 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 8.7 HIGH |
|
In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0.
|
|||||
| CVE-2023-22921 | 1 Zyxel | 2 Nbg-418n, Nbg-418n Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) conditions on an affected device.
|
|||||
| CVE-2023-22902 | 1 Openfind | 1 Mail2000 | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Openfind Mail2000 file uploading function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject JavaScript, conducting an XSS attack.
|
|||||
| CVE-2023-22868 | 3 Ibm, Linux, Microsoft | 3 Aspera Faspex, Linux Kernel, Windows | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117.
|
|||||
| CVE-2023-22860 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100.
|
|||||
| CVE-2023-22857 | 1 Blogengine | 1 Blogengine.net | 2024-11-21 | N/A | 8.5 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0 allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post.
|
|||||
| CVE-2023-22856 | 1 Blogengine | 1 Blogengine.net | 2024-11-21 | N/A | 8.5 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0 allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file.
|
|||||
| CVE-2023-22843 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-11-21 | N/A | 6.4 MEDIUM |
|
An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will be stored and can later be executed by another legitimate user viewing the details of such a rule.
Via stored Cross-Site Scripting (XSS), an attacker may be able to perform unauthorized actions on behalf of legitimate users and/or gather sensitive information. JavaScript injection was possible in the contents for ...
|
|||||
| CVE-2023-22838 | 1 Ec-cube | 1 Ec-cube | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.
|
|||||
| CVE-2023-22725 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 6.2 MEDIUM |
|
GLPI is a Free Asset and IT Management Software package. Versions 0.6.0 and above, prior to 10.0.6 are vulnerable to Cross-site Scripting. This vulnerability allows an administrator to create a malicious external link. This issue is patched in 10.0.6.
|
|||||
| CVE-2023-22724 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 6.2 MEDIUM |
|
GLPI is a Free Asset and IT Management Software package. Versions prior to 10.0.6 are subject to Cross-site Scripting via malicious RSS feeds. An Administrator can import a malicious RSS feed that contains Cross Site Scripting (XSS) payloads inside RSS links. Victims who wish to visit RSS content and click on the link will execute the JavaScript. This issue is patched in 10.0.6.
|
|||||
| CVE-2023-22722 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 6.8 MEDIUM |
|
GLPI is a Free Asset and IT Management Software package. Versions 9.4.0 and above, prior to 10.0.6 are subject to Cross-site Scripting. An attacker can persuade a victim into opening a URL containing a payload exploiting this vulnerability. Once it is exploited, the attacker can perform actions as the victim or exfiltrate session cookies. This issue is patched in version 10.0.6.
|
|||||
| CVE-2023-22721 | 1 Oi Yandex.maps Project | 1 Oi Yandex.maps | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for WordPress <= 3.2.7 versions.
|
|||||
| CVE-2023-22720 | 1 Wp Links Page Project | 1 Wp Links Page | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robert Macchi WP Links Page plugin <= 4.9.3 versions.
|
|||||
| CVE-2023-22718 | 1 User Meta Manager Project | 1 User Meta Manager | 2024-11-21 | N/A | 7.1 HIGH |
|
Reflected Cross-Site Scripting (XSS) vulnerability in Jason Lau User Meta Manager plugin <= 3.4.9 versions.
|
|||||
| CVE-2023-22717 | 1 Ncrafts | 1 Formcraft | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in nCrafts FormCraft plugin <= 1.2.6 versions.
|
|||||
| CVE-2023-22716 | 1 Oopspam | 1 Oopspam Anti-spam | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.35 versions.
|
|||||
| CVE-2023-22715 | 1 Wp-commentnavi Project | 1 Wp-commentnavi | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Lester 'GaMerZ' Chan WP-CommentNavi plugin <= 1.12.1 versions.
|
|||||
| CVE-2023-22713 | 1 Wpdownloadmanager | 1 Gutenberg Blocks For Wordpress Download Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress Download Manager Gutenberg Blocks by WordPress Download Manager plugin <= 2.1.8 versions.
|
|||||
| CVE-2023-22712 | 1 Templatesnext | 1 Templatesnext Toolkit | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TemplatesNext TemplatesNext ToolKit plugin <= 3.2.7 versions.
|
|||||
| CVE-2023-22711 | 1 Agentevolution | 1 Impress Listings | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Agent Evolution IMPress Listings plugin <= 2.6.2 versions.
|
|||||
| CVE-2023-22710 | 1 Return And Warranty Management System For Woocommerce Project | 1 Return And Warranty Management System For Woocommerce | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidevs Return and Warranty Management System for WooCommerce plugin <= 1.2.3 versions.
|
|||||
| CVE-2023-22706 | 1 Wp-property-hive | 1 Propertyhive | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.48 versions.
|
|||||
| CVE-2023-22704 | 1 Mtrv | 1 Teachpress | 2024-11-21 | N/A | 7.1 HIGH |
|
Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 8.1.8 versions.
|
|||||
| CVE-2023-22703 | 1 Webcodin | 1 Wcp Contact Form | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webcodin WCP Contact Form plugin <= 3.1.0 versions.
|
|||||
| CVE-2023-22698 | 1 Theme Blvd Responsive Google Maps Project | 1 Theme Blvd Responsive Google Maps | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jason Bobich Theme Blvd Responsive Google Maps plugin <= 1.0.2 versions.
|
|||||
| CVE-2023-22696 | 1 Custom4web | 1 Affiliate Links Lite | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Custom4Web Affiliate Links Lite plugin <= 2.5 versions.
|
|||||
| CVE-2023-22690 | 1 Shopfiles | 1 Ebook Store | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <= 5.775 versions.
|
|||||
| CVE-2023-22685 | 1 Tipsandtricks-hq | 1 Category Specific Rss Feed Subscription | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.2 versions.
|
|||||