Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24389 | 1 Brandid | 1 Social Proof (testimonial) Slider | 2023-08-15 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in brandiD Social Proof (Testimonial) Slider plugin <= 2.2.3 versions. | |||||
| CVE-2021-23445 | 1 Datatables | 1 Datatables.net | 2023-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped. | |||||
| CVE-2019-1701 | 1 Cisco | 14 Adaptive Security Appliance Software, Asa 5505, Asa 5510 and 11 more | 2023-08-15 | 3.5 LOW | 4.8 MEDIUM |
| Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the WebVPN portal of an affected device. The vulnerabilities exist because the software insufficiently validates user-supplied input on an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. An attacker would need administrator privileges on the device to exploit these vulnerabilities. | |||||
| CVE-2018-0251 | 1 Cisco | 1 Adaptive Security Appliance Software | 2023-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the Web Server Authentication Required screen of the Clientless Secure Sockets Layer (SSL) VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of that portal on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the portal or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco ASA Software: 3000 Series Industrial Security Appliances, Adaptive Security Virtual Appliance (ASAv), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches, ASA Services Module for Cisco 7600 Series Routers. Cisco Bug IDs: CSCvh20742. | |||||
| CVE-2018-0242 | 1 Cisco | 11 Adaptive Security Appliance Software, Asa 5506-x, Asa 5506h-x and 8 more | 2023-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the WebVPN web-based management interface of Cisco Adaptive Security Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg33985. | |||||
| CVE-2017-6765 | 1 Cisco | 1 Adaptive Security Appliance Software | 2023-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.1(6.11) and 9.4(1.2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka WebVPN XSS. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve19179. | |||||
| CVE-2023-39000 | 1 Opnsense | 1 Opnsense | 2023-08-15 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense before 23.7 allows attackers to inject arbitrary JavaScript via the URL path. | |||||
| CVE-2023-39002 | 1 Opnsense | 1 Opnsense | 2023-08-15 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2023-37488 | 1 Sap | 1 Netweaver Process Integration | 2023-08-15 | N/A | 6.1 MEDIUM |
| In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting (XSS) attack. On successful exploitation the attacker can cause limited impact on confidentiality and integrity of the system. | |||||
| CVE-2023-38397 | 1 Eggemplo | 1 Gestion-pymes | 2023-08-15 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eggemplo Gestion-Pymes plugin <= 1.5.6 versions. | |||||
| CVE-2023-37388 | 1 Supito | 1 Mahato Simple Light Weight Social Share | 2023-08-15 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sudipto Pratap Mahato Simple Light Weight Social Share plugin <= 2.0 versions. | |||||
| CVE-2023-24009 | 1 Wpazure | 1 Upfrontwp | 2023-08-15 | N/A | 5.4 MEDIUM |
| Auth. (subscriber+) Reflected Cross-site Scripting (XSS) vulnerability in Wpazure Themes Upfrontwp theme <= 1.1 versions. | |||||
| CVE-2023-23900 | 1 Yikesinc | 1 Easy Forms For Mailchimp | 2023-08-15 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <= 6.8.8 versions. | |||||
| CVE-2023-23871 | 1 Webdzier | 1 Button | 2023-08-15 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin <= 1.1.23 versions. | |||||
| CVE-2023-37988 | 1 Creative-solutions | 1 Contact Form Generator | 2023-08-15 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Creative Solutions Contact Form Generator plugin <= 2.5.5 versions. | |||||
| CVE-2023-3652 | 1 Digital-ant | 1 Digital Ant | 2023-08-15 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS. This issue affects E-Commerce Software: before 11. | |||||
| CVE-2023-37983 | 1 Keegnotrub | 1 Art Direction | 2023-08-15 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Noël Jackson Art Direction plugin <= 0.2.4 versions. | |||||
| CVE-2023-39314 | 1 Te-st | 1 Leyka | 2023-08-15 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.2 versions. | |||||
| CVE-2023-36306 | 1 Adiscon | 1 Loganalyzer | 2023-08-14 | N/A | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components. | |||||
| CVE-2023-4203 | 1 Advantech | 6 Eki-1521, Eki-1521 Firmware, Eki-1522 and 3 more | 2023-08-14 | N/A | 5.4 MEDIUM |
| Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface. | |||||
| CVE-2023-4202 | 1 Advantech | 6 Eki-1521, Eki-1521 Firmware, Eki-1522 and 3 more | 2023-08-14 | N/A | 5.4 MEDIUM |
| Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface. | |||||
| CVE-2023-25929 | 1 Ibm | 1 Cognos Analytics | 2023-08-14 | N/A | 5.4 MEDIUM |
| IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861. | |||||
| CVE-2023-28530 | 1 Ibm | 1 Cognos Analytics | 2023-08-14 | N/A | 5.4 MEDIUM |
| IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 251214. | |||||
| CVE-2022-31454 | 1 Yiiframework | 1 Yii | 2023-08-14 | N/A | 6.1 MEDIUM |
| ** DISPUTED ** Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books. NOTE: this is disputed by the vendor because the cve-2022-31454-8e8555c31fd3 page does not describe why /books has a relationship to Yii 2. | |||||
| CVE-2023-37728 | 1 Icewarp | 1 Icewarp | 2023-08-14 | N/A | 6.1 MEDIUM |
| IceWarp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter. | |||||
| CVE-2023-1119 | 2 Srbtranslatin Project, Updraftplus | 2 Srbtranslatin, Wp-optimize | 2023-08-14 | N/A | 6.1 MEDIUM |
| The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability. | |||||
| CVE-2023-39006 | 1 Opnsense | 1 Opnsense | 2023-08-14 | N/A | 5.4 MEDIUM |
| The Crash Reporter (crash_reporter.php) component of OPNsense before 23.7 mishandles input sanitization. | |||||
| CVE-2022-4115 | 1 Editorial Calendar Project | 1 Editorial Calendar | 2023-08-14 | N/A | 5.4 MEDIUM |
| The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users. | |||||
| CVE-2023-36314 | 1 Phpjabbers | 1 Callback Widget | 2023-08-11 | N/A | 6.1 MEDIUM |
| There is a Cross Site Scripting (XSS) vulnerability in the value-text-o_sms_email_request_message parameters of index.php in PHPJabbers Callback Widget v1.0. | |||||
| CVE-2023-36312 | 1 Phpjabbers | 1 Callback Widget | 2023-08-11 | N/A | 5.4 MEDIUM |
| There is a Cross Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone parameter of index.php in PHPJabbers Callback Widget v1.0. | |||||
| CVE-2023-36313 | 1 Phpjabbers | 1 Document Creator | 2023-08-11 | N/A | 6.1 MEDIUM |
| PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters of "Export Requests" aside from "request_feed". | |||||
| CVE-2023-36315 | 1 Phpjabbers | 1 Callback Widget | 2023-08-11 | N/A | 6.1 MEDIUM |
| There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Callback Widget v1.0. | |||||
| CVE-2017-6764 | 1 Cisco | 1 Adaptive Security Appliance Software | 2023-08-11 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.5(1) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd82064. | |||||
| CVE-2023-36310 | 1 Phpjabbers | 1 Document Creator | 2023-08-11 | N/A | 6.1 MEDIUM |
| There is a Cross Site Scripting (XSS) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. | |||||
| CVE-2023-36309 | 1 Phpjabbers | 1 Document Creator | 2023-08-11 | N/A | 6.1 MEDIUM |
| There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Document Creator v1.0. | |||||
| CVE-2022-44629 | 1 Catalystconnect | 1 Catalyst Connect Zoho Crm Client Portal | 2023-08-11 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catalyst Connect Catalyst Connect Zoho CRM Client Portal plugin <= 2.0.0 versions. | |||||
| CVE-2023-38347 | 1 Lw-systems | 1 Benno Mailarchiv | 2023-08-11 | N/A | 6.1 MEDIUM |
| An issue was discovered in LWsystems Benno MailArchiv 2.10.1. Attackers can cause XSS via JavaScript content to a mailbox. | |||||
| CVE-2023-38758 | 1 Wger | 1 Workout Manager | 2023-08-11 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components. | |||||
| CVE-2021-41184 | 6 Drupal, Fedoraproject, Jqueryui and 3 more | 35 Drupal, Fedora, Jquery Ui and 32 more | 2023-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. | |||||
| CVE-2023-39518 | 1 Fobybus | 1 Social-media-skeleton | 2023-08-10 | N/A | 5.4 MEDIUM |
| social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3. | |||||
| CVE-2023-32600 | 1 Rankmath | 1 Seo | 2023-08-10 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions. | |||||
| CVE-2023-4196 | 1 Agentejo | 1 Cockpit | 2023-08-10 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | |||||
| CVE-2023-27412 | 1 Everestthemes | 1 Mocho Blog | 2023-08-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Mocho Blog theme <= 1.0.4 versions. | |||||
| CVE-2023-32503 | 1 Gtmetrix | 1 Gtmetrix | 2023-08-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.6 versions. | |||||
| CVE-2023-23829 | 1 Pierre-jehan | 1 Owl Carousel | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pierre JEHAN Owl Carousel plugin <= 0.5.3 versions. | |||||
| CVE-2022-45821 | 1 Nootheme | 1 Noo Timetable | 2023-08-10 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NooTheme Noo Timetable plugin <= 2.1.3 versions. | |||||
| CVE-2023-27421 | 1 Everestthemes | 1 Everest News | 2023-08-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Everest News theme <= 1.1.0 versions. | |||||
| CVE-2023-29099 | 1 Elegant Themes | 1 Divi | 2023-08-10 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Elegant themes Divi theme <= 4.20.2 versions. | |||||
| CVE-2023-23877 | 1 Bkmacdaddy | 1 Pinterest Rss Widget | 2023-08-10 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in bkmacdaddy designs Pinterest RSS Widget plugin <= 2.3.1 versions. | |||||
| CVE-2023-23880 | 1 Monsterinsights | 1 Exactmetrics | 2023-08-10 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExactMetrics plugin <= 7.14.1 versions. | |||||
