Search
Total
13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32503 | 1 Gtmetrix | 1 Gtmetrix | 2023-08-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.6 versions. | |||||
| CVE-2023-27416 | 1 Decondigital | 1 Decon Wp Sms | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Decon Digital Decon WP SMS plugin <= 1.1 versions. | |||||
| CVE-2023-29099 | 1 Elegant Themes | 1 Divi | 2023-08-10 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Elegant themes Divi theme <= 4.20.2 versions. | |||||
| CVE-2023-27627 | 1 Eggemplo | 1 Woocommerce Email Report | 2023-08-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in eggemplo Woocommerce Email Report plugin <= 2.4 versions. | |||||
| CVE-2023-24409 | 1 I13websolution | 1 Wp Responsive Tabs Horizontal Vertical And Accordion Tabs | 2023-08-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs plugin <= 1.1.15 versions. | |||||
| CVE-2023-25063 | 1 Anadnet | 1 Quick Page\/post Redirect Plugin | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anadnet Quick Page/Post Redirect Plugin plugin <= 5.2.3 versions. | |||||
| CVE-2023-24413 | 1 I13websolution | 1 Wordpress Vertical Image Slider | 2023-08-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress vertical image slider plugin <= 1.2.16 versions. | |||||
| CVE-2023-27415 | 1 Themeqx | 1 Letterpress | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themeqx LetterPress plugin <= 1.1.2 versions. | |||||
| CVE-2023-25459 | 1 Postsnippets | 1 Post Snippets | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Postsnippets Post Snippets plugin <= 4.0.2 versions. | |||||
| CVE-2023-25984 | 1 Rigorous-digital | 1 Dovetail | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigorous & Factory Pattern Dovetail plugin <= 1.2.13 versions. | |||||
| CVE-2023-28931 | 1 Never5 | 1 Post Connector | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Never5 Post Connector plugin <= 1.0.9 versions. | |||||
| CVE-2023-38384 | 1 Syntacticsinc | 1 Easync | 2023-08-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntactics, Inc. EaSYNC plugin <= 1.3.7 versions. | |||||
| CVE-2023-32292 | 1 Getbutton | 1 Chat Button | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GetButton Chat Button by GetButton.Io plugin <= 1.8.9.4 versions. | |||||
| CVE-2023-28934 | 1 Paymentsplugin | 1 Wp Full Stripe Free | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology WP Full Stripe Free plugin <= 1.6.1 versions. | |||||
| CVE-2023-30482 | 1 Villatheme | 1 Wpbulky | 2023-08-10 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in VillaTheme WPBulky plugin <= 1.0.10 versions. | |||||
| CVE-2023-31221 | 1 Ransomchristofferson | 1 Pdq Csv | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ransom Christofferson PDQ CSV plugin <= 1.0.0 versions. | |||||
| CVE-2023-36159 | 1 Lost And Found Information System Project | 1 Lost And Found Information System | 2023-08-09 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page. | |||||
| CVE-2023-39527 | 1 Prestashop | 1 Prestashop | 2023-08-09 | N/A | 6.1 MEDIUM |
| PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the `isCleanHTML` method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds. | |||||
| CVE-2023-4170 | 1 Dedebiz | 1 Dedebiz | 2023-08-09 | N/A | 4.8 MEDIUM |
| A vulnerability was found in DedeBIZ 6.2.10. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Article Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-4167 | 1 Emby | 1 Emby.releases | 2023-08-09 | N/A | 6.1 MEDIUM |
| A vulnerability was found in Media Browser Emby Server 4.7.13.0 and classified as problematic. This issue affects some unknown processing of the file /web/. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-236183. | |||||
| CVE-2023-39437 | 1 Sap | 1 Business One | 2023-08-09 | N/A | 5.4 MEDIUM |
| SAP business One allows - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and gets it delivered to the client, resulting to Cross-site scripting. This could lead to harmful action affecting the Confidentiality, Integrity and Availability of the application. | |||||
| CVE-2023-36686 | 1 Cartflows | 1 Cartflows | 2023-08-09 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlows Pro plugin <= 1.11.11 versions. | |||||
| CVE-2023-38392 | 1 Wpgogo | 1 Custom Field Template | 2023-08-09 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.9 versions. | |||||
| CVE-2023-4187 | 1 Instantcms | 1 Instantcms | 2023-08-09 | N/A | 4.8 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | |||||
| CVE-2023-38766 | 1 Churchcrm | 1 Churchcrm | 2023-08-09 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component. | |||||
| CVE-2023-0604 | 1 Wpfoodmanager | 1 Wp Food Manager | 2023-08-09 | N/A | 5.4 MEDIUM |
| The WP Food Manager WordPress plugin before 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-3575 | 1 Expresstech | 1 Quiz And Survey Master | 2023-08-09 | N/A | 5.4 MEDIUM |
| The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2023-3492 | 1 Cmscommander | 1 Wp Shopping Pages | 2023-08-09 | N/A | 6.8 MEDIUM |
| The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |||||
| CVE-2023-3524 | 1 Wpcode | 1 Wpcode | 2023-08-09 | N/A | 6.1 MEDIUM |
| The WPCode WordPress plugin before 2.0.13.1 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting | |||||
| CVE-2023-3671 | 1 Multiparcels | 1 Multiparcels Shipping For Woocommerce | 2023-08-09 | N/A | 6.1 MEDIUM |
| The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2023-3650 | 1 Wow-company | 1 Bubble Menu | 2023-08-09 | N/A | 4.8 MEDIUM |
| The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | |||||
| CVE-2023-38045 | 1 Admiror-design-studio | 1 Admiror Gallery | 2023-08-09 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements. | |||||
| CVE-2023-38761 | 1 Churchcrm | 1 Churchcrm | 2023-08-09 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the systemSettings.php component. | |||||
| CVE-2023-4189 | 1 Instantcms | 1 Instantcms | 2023-08-09 | N/A | 4.8 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | |||||
| CVE-2021-24330 | 1 Cartflows | 1 Cartflows | 2023-08-09 | 3.5 LOW | 4.8 MEDIUM |
| The Funnel Builder by CartFlows – Create High Converting Sales Funnels For WordPress plugin before 1.6.13 did not sanitise its facebook_pixel_id and google_analytics_id settings, allowing high privilege users to set XSS payload in them, which will either be executed on pages generated by the plugin, or the whole website depending on the settings used. | |||||
| CVE-2023-30491 | 1 Codebard | 1 Codebard\'s Patron Button And Widgets For Patreon | 2023-08-09 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.8 versions. | |||||
| CVE-2023-34010 | 1 Davidlingren | 1 Media Library Assistant | 2023-08-09 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in submodule of David Lingren Media Library Assistant plugin <= 3.0.7 versions. | |||||
| CVE-2023-36678 | 1 Wp-buy | 1 Wp Content Copy Protection \& No Right Click | 2023-08-09 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-buy WP Content Copy Protection & No Right Click plugin <= 3.5.5 versions. | |||||
| CVE-2023-34377 | 1 Joedolson | 1 My Content Management | 2023-08-09 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joseph C Dolson My Content Management plugin <= 1.7.6 versions. | |||||
| CVE-2023-36689 | 1 Wpfactory | 1 Wpfactory Helper | 2023-08-09 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory WPFactory Helper plugin <= 1.5.2 versions. | |||||
| CVE-2023-37873 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2023-08-09 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. | |||||
| CVE-2023-37874 | 1 Riverside | 1 Http Headers | 2023-08-09 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions. | |||||
| CVE-2023-4173 | 1 Moosocial | 1 Moostore | 2023-08-09 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236208. | |||||
| CVE-2023-4174 | 1 Moosocial | 1 Moostore | 2023-08-09 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-236209 was assigned to this vulnerability. | |||||
| CVE-2023-4175 | 1 Moosocial | 1 Mootravel | 2023-08-09 | N/A | 6.1 MEDIUM |
| A vulnerability was found in mooSocial mooTravel 3.1.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-236210 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-20218 | 1 Cisco | 24 Spa500ds, Spa500ds Firmware, Spa500s and 21 more | 2023-08-09 | N/A | 6.1 MEDIUM |
| A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. Cisco will not release software updates that address this vulnerability. {{value}} ["%7b%7bvalue%7d%7d"])}]] | |||||
| CVE-2023-20181 | 1 Cisco | 24 Spa500ds, Spa500ds Firmware, Spa500s and 21 more | 2023-08-09 | N/A | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2023-4158 | 1 Omeka | 1 Omeka S | 2023-08-08 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3. | |||||
| CVE-2023-38964 | 1 Creativeitem | 1 Academy Learning Management System | 2023-08-08 | N/A | 6.1 MEDIUM |
| Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2023-4145 | 1 Pimcore | 1 Customer Data Framework | 2023-08-08 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2. | |||||