Total: 13741 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37425 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | |||||
| CVE-2023-37423 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 5.4 MEDIUM |
| Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | |||||
| CVE-2023-37422 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 5.4 MEDIUM |
| Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | |||||
| CVE-2023-37421 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 5.4 MEDIUM |
| Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | |||||
| CVE-2023-32516 | 1 Oracle | 1 Restaurant Menu - Food Ordering System - Table Reservation | 2023-08-29 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFood Restaurant Menu – Food Ordering System – Table Reservation plugin <= 2.3.6 versions. | |||||
| CVE-2023-32511 | 1 Bookingultrapro | 1 Booking Ultra Pro Appointments Booking Calendar | 2023-08-29 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.8 versions. | |||||
| CVE-2023-32510 | 1 Cagewebdev | 1 Order Your Posts Manually | 2023-08-29 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin <= 2.2.5 versions. | |||||
| CVE-2023-39708 | 1 Free And Open Source Inventory Management System Project | 1 Free And Open Source Inventory Management System | 2023-08-29 | N/A | 6.1 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section. | |||||
| CVE-2023-4561 | 1 Omeka | 1 Omeka S | 2023-08-29 | N/A | 4.8 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4. | |||||
| CVE-2023-40750 | 1 Phpjabbers | 1 Yacht Listing Script | 2023-08-29 | N/A | 6.1 MEDIUM |
| There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0. | |||||
| CVE-2023-40751 | 1 Phpjabbers | 1 Fundraising Script | 2023-08-29 | N/A | 6.1 MEDIUM |
| PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripting (XSS) via the "action" parameter of index.php. | |||||
| CVE-2023-40752 | 1 Phpjabbers | 1 Make An Offer Widget | 2023-08-29 | N/A | 6.1 MEDIUM |
| There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0. | |||||
| CVE-2023-40753 | 1 Phpjabbers | 1 Ticket Support Script | 2023-08-29 | N/A | 5.4 MEDIUM |
| There is a Cross Site Scripting (XSS) vulnerability in the message parameter of index.php in PHPJabbers Ticket Support Script v3.2. | |||||
| CVE-2023-40755 | 1 Phpjabbers | 1 Callback Widgets | 2023-08-29 | N/A | 6.1 MEDIUM |
| There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0. | |||||
| CVE-2023-24394 | 1 Iframe Project | 1 Iframe | 2023-08-29 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions. | |||||
| CVE-2023-32518 | 1 Wpplugins | 1 Wp Chinese Conversion | 2023-08-29 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ono Oogami WP Chinese Conversion plugin <= 1.1.16 versions. | |||||
| CVE-2023-38974 | 1 Uatech | 1 Badaso | 2023-08-29 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. | |||||
| CVE-2023-38973 | 1 Uatech | 1 Badaso | 2023-08-29 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. | |||||
| CVE-2023-32236 | 1 Bookingultrapro | 1 Appointments Booking Calendar | 2023-08-29 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin <= 1.1.8 versions. | |||||
| CVE-2023-32496 | 1 Stopbadbots | 1 Block Bad Bots And Stop Bad Bots Crawlers And Spiders And Anti Spam Protection | 2023-08-29 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin <= 7.31 versions. | |||||
| CVE-2023-32498 | 1 Ays-pro | 1 Easy Form | 2023-08-29 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Easy Form team Easy Form by AYS plugin <= 1.2.0 versions. | |||||
| CVE-2023-32499 | 1 Netmix | 1 Radio Station | 2023-08-29 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9 versions. | |||||
| CVE-2023-32505 | 1 Ciphercoin | 1 Easy Hide Login | 2023-08-29 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arshid Easy Hide Login plugin <= 1.0.7 versions. | |||||
| CVE-2023-32497 | 1 Supersoju | 1 Block Referer Spam | 2023-08-29 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Supersoju Block Referer Spam plugin <= 1.1.9.4 versions. | |||||
| CVE-2023-32300 | 1 Yoast | 1 Yoast Seo | 2023-08-29 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.8 versions. | |||||
| CVE-2023-32509 | 1 Cagewebdev | 1 Order Your Posts Manually | 2023-08-29 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin <= 2.2.5 versions. | |||||
| CVE-2023-40176 | 1 Xwiki | 1 Xwiki | 2023-08-29 | N/A | 5.4 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop down (no free text value) it can still be set from JavaScript (using the browser developer tools) or by calling the save URL on the user profile with the right query string. Once the time zone is set it is displayed without escaping which means the payload gets executed for any user that visits the malicious user profile, allowing the attacker to steal information and even gain more access rights (escalation to programming rights). This issue is present since version 4.1M2 when the time zone user preference was introduced. The issue has been fixed in XWiki 14.10.5 and 15.1RC1. | |||||
| CVE-2023-37439 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 6.1 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | |||||
| CVE-2023-4555 | 1 Inventory Management System Project | 1 Inventory Management System | 2023-08-29 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file suppliar_data.php. The manipulation of the argument name/company leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238153 was assigned to this vulnerability. | |||||
| CVE-2023-30435 | 1 Ibm | 1 Security Guardium | 2023-08-29 | N/A | 5.4 MEDIUM |
| IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252291. | |||||
| CVE-2022-43909 | 1 Ibm | 1 Security Guardium | 2023-08-29 | N/A | 5.4 MEDIUM |
| IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 240905. | |||||
| CVE-2023-30436 | 1 Ibm | 1 Security Guardium | 2023-08-29 | N/A | 5.4 MEDIUM |
| IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252292. | |||||
| CVE-2023-32119 | 1 Wpo365 | 1 Mail Integration For Office 365 / Outlook | 2023-08-28 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPO365 \| Mail Integration for Office 365 / Outlook plugin <= 1.9.0 versions. | |||||
| CVE-2023-41098 | 1 Misp | 1 Misp | 2023-08-28 | N/A | 6.1 MEDIUM |
| An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit. | |||||
| CVE-2023-39599 | 1 Cszcms | 1 Csz Cms | 2023-08-28 | N/A | 5.4 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter. | |||||
| CVE-2023-41249 | 1 Jetbrains | 1 Teamcity | 2023-08-28 | N/A | 6.1 MEDIUM |
| In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step | |||||
| CVE-2023-41250 | 1 Jetbrains | 1 Teamcity | 2023-08-28 | N/A | 6.1 MEDIUM |
| In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration | |||||
| CVE-2023-41248 | 1 Jetbrains | 1 Teamcity | 2023-08-28 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration | |||||
| CVE-2023-32797 | 1 I13websolution | 1 Video Carousel Slider With Lightbox | 2023-08-28 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin <= 1.0.22 versions. | |||||
| CVE-2023-32603 | 1 Rednao | 1 Smart Donations | 2023-08-28 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy – Smart Donations plugin <= 4.0.12 versions. | |||||
| CVE-2023-32575 | 1 Woocommerce | 1 Woocommerce | 2023-08-28 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions. | |||||
| CVE-2023-32598 | 1 Shooflysolutions | 1 Featured Image Pro Post Grid | 2023-08-28 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in A. R. Jones Featured Image Pro Post Grid plugin <= 5.14 versions. | |||||
| CVE-2023-32595 | 1 Palasthotel | 1 Sunny Search | 2023-08-28 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <= 1.0.2 versions. | |||||
| CVE-2023-32596 | 1 Wolfgangertl | 1 Weebotlite | 2023-08-28 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wolfgang Ertl weebotLite plugin <= 1.0.0 versions. | |||||
| CVE-2023-24514 | 1 Pandorafms | 1 Pandora Fms | 2023-08-26 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users session cookie values, carry out phishing attacks, etc. This issue affects Pandora FMS v767 version and prior versions on all platforms. | |||||
| CVE-2023-24516 | 1 Pandorafms | 1 Pandora Fms | 2023-08-26 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal the session cookie value of admin users easily with little user interaction. This issue affects Pandora FMS v767 version and prior versions on all platforms. | |||||
| CVE-2022-48547 | 1 Cacti | 1 Cacti | 2023-08-25 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php. | |||||
| CVE-2022-41444 | 1 Cacti | 1 Cacti | 2023-08-25 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php. | |||||
| CVE-2023-3936 | 1 Adenion | 1 Blog2social | 2023-08-25 | N/A | 6.1 MEDIUM |
| The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2023-3667 | 1 Bitapps | 1 Bit Assist | 2023-08-25 | N/A | 4.8 MEDIUM |
| The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
