Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4308 | 1 Plugin-planet | 1 User Submitted Posts | 2023-08-21 | N/A | 5.4 MEDIUM |
| The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-3721 | 1 Lesterchan | 1 Wp-email | 2023-08-21 | N/A | 4.8 MEDIUM |
| The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-26961 | 1 Alteryx | 1 Alteryx Server | 2023-08-21 | N/A | 4.8 MEDIUM |
| Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files (e.g., JavaScript content for stored XSS) via the type field in a JSON document within a PUT /gallery/api/media request. | |||||
| CVE-2023-28773 | 1 Kolja-nolte | 1 Secondary Title | 2023-08-21 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kolja Nolte Secondary Title plugin <= 2.0.9.1 versions. | |||||
| CVE-2023-3328 | 1 Custom Field For Wp Job Manager Project | 1 Custom Field For Wp Job Manager | 2023-08-21 | N/A | 4.8 MEDIUM |
| The Custom Field For WP Job Manager WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-2803 | 1 Themefic | 1 Ultimate Addons For Contact Form 7 | 2023-08-21 | N/A | 6.1 MEDIUM |
| The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2023-3645 | 1 Bitapps | 1 Contact Form Builder | 2023-08-21 | N/A | 4.8 MEDIUM |
| The Contact Form Builder by Bit Form WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-2802 | 1 Themefic | 1 Ultimate Addons For Contact Form 7 | 2023-08-21 | N/A | 4.8 MEDIUM |
| The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-2606 | 1 Brutalplugins | 1 Wp Brutal Ai | 2023-08-21 | N/A | 4.8 MEDIUM |
| The WP Brutal AI WordPress plugin before 2.06 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2023-30477 | 1 Essitco | 1 Affiliate Solution | 2023-08-18 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Essitco AFFILIATE Solution plugin <= 1.0 versions. | |||||
| CVE-2023-37070 | 1 Code-projects | 1 Hospital Information System | 2023-08-18 | N/A | 4.8 MEDIUM |
| Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS) | |||||
| CVE-2023-30483 | 1 Kibokolabs | 1 Watu Quiz | 2023-08-18 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.9.2 versions. | |||||
| CVE-2023-29097 | 1 A3rev | 1 A3 Portfolio | 2023-08-18 | N/A | 4.8 MEDIUM |
| Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in a3rev Software a3 Portfolio plugin <= 3.1.0 versions. | |||||
| CVE-2023-30475 | 1 Couponaffiliates | 1 Woocommerce Affiliate | 2023-08-18 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates plugin <= 5.4.5 versions. | |||||
| CVE-2023-40342 | 1 Jenkins | 1 Flaky Test Handler | 2023-08-18 | N/A | 5.4 MEDIUM |
| Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents. | |||||
| CVE-2023-40346 | 1 Jenkins | 1 Shortcut Job | 2023-08-18 | N/A | 5.4 MEDIUM |
| Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs. | |||||
| CVE-2023-40350 | 1 Jenkins | 1 Docker Swarm | 2023-08-18 | N/A | 5.4 MEDIUM |
| Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker. | |||||
| CVE-2023-31942 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2023-08-18 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php. | |||||
| CVE-2023-30489 | 1 I13websolution | 1 Email Subscription Popup | 2023-08-18 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Email Subscription Popup plugin <= 1.2.16 versions. | |||||
| CVE-2023-30752 | 1 Gingertech | 1 External Videos | 2023-08-18 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Silvia Pfeiffer and Andrew Nimmo External Videos plugin <= 2.0.1 versions. | |||||
| CVE-2023-30751 | 1 Icontrolwp | 1 Article Directory Redux | 2023-08-18 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in iControlWP Article Directory Redux plugin <= 1.0.2 versions. | |||||
| CVE-2023-30749 | 1 Ihomefinder | 1 Optima Express + Marketboost Idx | 2023-08-18 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ihomefinder Optima Express + MarketBoost IDX Plugin plugin <= 7.3.0 versions. | |||||
| CVE-2020-19952 | 1 Jbt | 1 Live (github-flavored) Markdown Editor | 2023-08-18 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbitrary code via crafted payload or opening malicious .md file. | |||||
| CVE-2023-3937 | 2 Microsoft, Snowsoftware | 2 Windows, Snow License Manager | 2023-08-18 | N/A | 4.8 MEDIUM |
| Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser | |||||
| CVE-2023-28535 | 1 Commoninja | 1 Paytm Payment Donation | 2023-08-18 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paytm Paytm Payment Donation plugin <= 2.2.0 versions. | |||||
| CVE-2021-27524 | 1 Margox | 1 Braft-editor | 2023-08-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature. | |||||
| CVE-2020-28717 | 1 Kindsoft | 1 Kindeditor | 2023-08-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code. | |||||
| CVE-2020-28849 | 1 Churchcrm | 1 Churchcrm | 2023-08-17 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attackers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module. | |||||
| CVE-2023-22843 | 1 Nozominetworks | 2 Cmc, Guardian | 2023-08-16 | N/A | 4.8 MEDIUM |
| An authenticated attacker with administrative access to the appliance can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will later be executed by another legitimate user viewing the details of such a rule. An attacker may be able to perform unauthorized actions on behalf of legitimate users. JavaScript injection was possible in the content for Yara rules, while limited HTML injection has been proven for packet and STYX rules. The injected code will be executed in the context of the authenticated victim's session. | |||||
| CVE-2023-39955 | 1 Nextcloud | 1 Notes | 2023-08-16 | N/A | 6.1 MEDIUM |
| Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a patch for the issue. No known workarounds are available. | |||||
| CVE-2023-23828 | 1 Swas | 1 Wp Category Post List | 2023-08-16 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Swashata WP Category Post List Widget plugin <= 2.0.3 versions. | |||||
| CVE-2020-3599 | 1 Cisco | 2 Adaptive Security Appliance, Adaptive Security Appliance Software | 2023-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2019-12695 | 1 Cisco | 13 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5505 and 10 more | 2023-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. | |||||
| CVE-2023-24393 | 1 Wpmart | 1 Animated Number Counters | 2023-08-16 | N/A | 5.4 MEDIUM |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Animated Number Counters plugin <= 1.6 versions. | |||||
| CVE-2020-25915 | 1 Thinkcmf | 1 Thinkcmf | 2023-08-16 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login. | |||||
| CVE-2020-24075 | 1 Laborator | 1 Kalium | 2023-08-16 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code. | |||||
| CVE-2020-20523 | 1 Gilacms | 1 Gila Cms | 2023-08-16 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation. | |||||
| CVE-2020-27449 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2023-08-16 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload. | |||||
| CVE-2020-24872 | 1 Lepton-cms | 1 Leptoncms | 2023-08-16 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code. | |||||
| CVE-2023-34374 | 1 Anspress | 1 Anspress | 2023-08-16 | N/A | 4.8 MEDIUM |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Rahul Aryan AnsPress plugin <= 4.3.0 versions. | |||||
| CVE-2023-36530 | 1 Smartypantsplugins | 1 Sp Project & Document Manager | 2023-08-16 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions. | |||||
| CVE-2023-3653 | 1 Digital-ant | 1 Digital Ant | 2023-08-16 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Stored XSS. This issue affects E-Commerce Software: before 11. | |||||
| CVE-2023-28779 | 1 Simplecoding | 1 Terms Descriptions | 2023-08-15 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir Statsenko Terms descriptions plugin <= 3.4.4 versions. | |||||
| CVE-2023-24391 | 1 Spiderteams | 1 Applyonline - Application Form Builder And Manager | 2023-08-15 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline plugin <= 2.5 versions. | |||||
| CVE-2023-4283 | 1 Wpdeveloper | 1 Embedpress | 2023-08-15 | N/A | 5.4 MEDIUM |
| The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-38333 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-08-15 | N/A | 6.1 MEDIUM |
| Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. | |||||
| CVE-2023-37625 | 1 Netbox Project | 1 Netbox | 2023-08-15 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates. | |||||
| CVE-2023-30481 | 1 Profosbox | 1 Agp Font Awesome Collection | 2023-08-15 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <= 3.2.4 versions. | |||||
| CVE-2023-23826 | 1 Webmechanix | 1 Add Posts To Pages | 2023-08-15 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arsham Mirshah Add Posts to Pages plugin <= 1.4.1 versions. | |||||
| CVE-2023-23798 | 1 Web-settler | 1 Layer Slider | 2023-08-15 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions. | |||||
