Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0527 | 1 Online Security Guards Hiring System Project | 1 Online Security Guards Hiring System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. The manipulation of the argument searchdata with the input `"><script>alert(document.domain)</script>` leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219596.
| CVE-2023-0519 | 1 Modoboa | 1 Modoboa | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.
| CVE-2023-0488 | 2 Pyload, Pyload-ng Project | 2 Pyload, Pyload-ng | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42.
| CVE-2023-0470 | 1 Modoboa | 1 Modoboa | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.
| CVE-2023-0410 | 1 Builder | 1 Qwik | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5.
| CVE-2023-0377 | 1 Robincornett | 1 Scriptless Social Sharing | 2024-11-21 | N/A | 5.4 MEDIUM |
The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
| CVE-2023-0338 | 1 Daloradius | 1 Daloradius | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch.
| CVE-2023-0337 | 1 Daloradius | 1 Daloradius | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch.
| CVE-2023-0327 | 1 Theradsystem Project | 1 Theradsystem | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability was found in saemorris TheRadSystem. It has been classified as problematic. Affected is an unknown function of the file users.php. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. VDB-218454 is the identifier assigned to this vulnerability.
| CVE-2023-0323 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14.
| CVE-2023-0322 | 1 Talentyazilim | 1 Unis | 2024-11-21 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS. This issue affects UNIS: before 28376.
| CVE-2023-0320 | 1 University Information Management System Project | 1 University Information Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Izmir Katip Celebi University UBYS allows Stored XSS. This issue affects UBYS: before 23.03.16.
| CVE-2023-0314 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
| CVE-2023-0313 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
| CVE-2023-0312 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
| CVE-2023-0310 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
| CVE-2023-0309 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
| CVE-2023-0308 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
| CVE-2023-0306 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
| CVE-2023-0301 | 1 Opencollective | 1 Alf.io | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301.
| CVE-2023-0300 | 1 Opencollective | 1 Alf.io | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301.
| CVE-2023-0289 | 1 Webcalendar Project | 1 Webcalendar | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master.
| CVE-2023-0287 | 1 Favorites-web Project | 1 Favorites-web | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability was found in ityouknow favorites-web. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-218294 is the identifier assigned to this vulnerability.
| CVE-2023-0258 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2024-11-21 | 3.3 LOW | 2.4 LOW |
A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Category List Handler. The manipulation of the argument Reason with the input `"><script>prompt(1)</script>` leads to cross site scripting. The attack may be launched remotely. VDB-218186 is the identifier assigned to this vulnerability.
| CVE-2023-0246 | 1 Espcms | 1 Espcms | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability, which was classified as problematic, was found in earclink ESPCMS P8.21120101. Affected is an unknown function of the component Content Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-218154 is the identifier assigned to this vulnerability.
| CVE-2023-0219 | 1 Wpmanageninja | 1 Fluentsmtp | 2024-11-21 | N/A | 5.4 MEDIUM |
The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks (XSS) when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML.
| CVE-2023-0214 | 1 Trellix | 1 Skyhigh Secure Web Gateway | 2024-11-21 | N/A | 6.1 MEDIUM |
A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG.
| CVE-2023-0125 | 1 Control Id Panel Project | 1 Control Id Panel | 2024-11-21 | 3.3 LOW | 2.4 LOW |
A vulnerability was found in Control iD Gerencia Web 1.30. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation of the argument Nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217717 was assigned to this vulnerability.
| CVE-2023-0119 | 1 Redhat | 2 Enterprise Linux, Satellite | 2024-11-21 | N/A | 5.4 MEDIUM |
A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials.
| CVE-2023-0112 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
| CVE-2023-0111 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
| CVE-2023-0110 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
| CVE-2023-0108 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
| CVE-2023-0107 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
| CVE-2023-0106 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
| CVE-2023-0094 | 1 Qoders | 1 Upqode Google Maps | 2024-11-21 | N/A | 5.4 MEDIUM |
The UpQode Google Maps WordPress plugin through 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
| CVE-2023-0067 | 1 Timed Content Project | 1 Timed Content | 2024-11-21 | N/A | 5.4 MEDIUM |
The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
| CVE-2023-0065 | 1 I2 Pros & Cons Project | 1 I2 Pros & Cons | 2024-11-21 | N/A | 5.4 MEDIUM |
The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
| CVE-2023-0050 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 8.7 HIGH |
An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims.
| CVE-2023-0044 | 2 Quarkus, Redhat | 2 Quarkus, Build Of Quarkus | 2024-11-21 | N/A | 6.1 MEDIUM |
If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to information disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.