Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-7035 | 1 Automad | 1 Automad | 2023-12-29 | N/A | 5.4 MEDIUM |
| A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\standard\templates\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7036 | 1 Automad | 1 Automad | 2023-12-29 | N/A | 5.4 MEDIUM |
| A vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-50833 | 1 Extendthemes | 1 Colibri Page Builder | 2023-12-29 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExtendThemes Colibri Page Builder allows Stored XSS. This issue affects Colibri Page Builder: from n/a through 1.0.239. | |||||
| CVE-2023-6134 | 1 Redhat | 2 Keycloak, Single Sign-on | 2023-12-29 | N/A | 5.4 MEDIUM |
| A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748. | |||||
| CVE-2023-50828 | 1 Davidvongries | 1 Ultimate Dashboard | 2023-12-29 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard – Custom WordPress Dashboard allows Stored XSS. This issue affects Ultimate Dashboard – Custom WordPress Dashboard: from n/a through 3.7.11. | |||||
| CVE-2023-50824 | 1 Elearningfreak | 1 Insert Or Embed Articulate Content | 2023-12-29 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Batt Insert or Embed Articulate Content into WordPress allows Stored XSS. This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000021. | |||||
| CVE-2023-50823 | 1 Wipeoutmedia | 1 Css & Javascript Toolbox | 2023-12-29 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS. This issue affects CSS & JavaScript Toolbox: from n/a through 11.7. | |||||
| CVE-2023-50831 | 1 Villatheme | 1 Curcy | 2023-12-29 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS. This issue affects CURCY – Multi Currency for WooCommerce: from n/a through 2.2.0. | |||||
| CVE-2023-50830 | 1 Seosthemes | 1 Seos Contact Form | 2023-12-29 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seosbg Seos Contact Form allows Stored XSS. This issue affects Seos Contact Form: from n/a through 1.8.0. | |||||
| CVE-2023-50829 | 1 Quick-plugins | 1 Loan Repayment Calculator And Application Form | 2023-12-29 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS. This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.3. | |||||
| CVE-2023-50473 | 1 Billahmed | 1 Qbit Matui | 2023-12-29 | N/A | 5.4 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI version 1.16.4, allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in index.js file. | |||||
| CVE-2021-28459 | 1 Microsoft | 1 Azure Devops Server | 2023-12-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Azure DevOps Server Spoofing Vulnerability | |||||
| CVE-2021-40440 | 1 Microsoft | 1 Dynamics 365 Business Central | 2023-12-28 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | |||||
| CVE-2021-36946 | 1 Microsoft | 2 Dynamics 365 Business Central, Dynamics Nav | 2023-12-28 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | |||||
| CVE-2021-36950 | 1 Microsoft | 1 Dynamics 365 | 2023-12-28 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2023-51457 | 1 Adobe | 1 Experience Manager | 2023-12-28 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2023-51458 | 1 Adobe | 1 Experience Manager | 2023-12-28 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2022-45375 | 1 Cyberchimps | 1 Ifeature Slider | 2023-12-28 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slider plugin <= 1.2 on WordPress. | |||||
| CVE-2022-3968 | 1 Emlog | 1 Emlog | 2023-12-28 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in emlog and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/article_save.php. The manipulation of the argument tag leads to cross site scripting. The attack can be launched remotely. The name of the patch is 5bf7a79826e0ea09bcc8a21f69a0c74107761a02. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213547. | |||||
| CVE-2022-3950 | 1 Publiccms | 1 Publiccms | 2023-12-28 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213456. | |||||
| CVE-2022-3716 | 1 Oretnom23 | 1 Online Medicine Ordering System | 2023-12-28 | N/A | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in SourceCodester Online Medicine Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /omos/admin/?page=user/list. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-212347. | |||||
| CVE-2022-3497 | 1 Oretnom23 | 1 Human Resource Management System | 2023-12-28 | N/A | 5.4 MEDIUM |
| A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to launch the attack remotely. VDB-210786 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4830 | 1 Strangerstudios | 1 Paid Memberships Pro | 2023-12-28 | N/A | 5.4 MEDIUM |
| The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2023-45835 | 1 Libsyn | 1 Libsyn Publisher Hub | 2023-12-28 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Libsyn Libsyn Publisher Hub plugin <= 1.4.4 versions. | |||||
| CVE-2023-5641 | 1 Martinstools | 1 Free & Easy Link Building | 2023-12-28 | N/A | 6.1 MEDIUM |
| The Martins Free & Easy SEO BackLink Link Building Network WordPress plugin before 1.2.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2023-47272 | 3 Debian, Fedoraproject, Roundcube | 3 Debian Linux, Fedora, Webmail | 2023-12-28 | N/A | 6.1 MEDIUM |
| Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). | |||||
| CVE-2023-6945 | 1 Mayurik | 1 Online Student Management System | 2023-12-28 | N/A | 4.8 MEDIUM |
| A vulnerability has been found in SourceCodester Online Student Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edit-student-detail.php. The manipulation of the argument notmsg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248377 was assigned to this vulnerability. | |||||
| CVE-2022-3546 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 4.8 MEDIUM |
| A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-211046 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3548 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 4.8 MEDIUM |
| A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Add New Storage Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-211048. | |||||
| CVE-2022-3587 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 5.4 MEDIUM |
| A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component My Account. The manipulation of the argument First Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211201 was assigned to this vulnerability. | |||||
| CVE-2023-42627 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2023-12-28 | N/A | 5.4 MEDIUM |
| Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP 7.3 update 33 and earlier, and 7.4 before update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a (1) Shipping Name, (2) Shipping Phone Number, (3) Shipping Address, (4) Shipping Address 2, (5) Shipping Address 3, (6) Shipping Zip, (7) Shipping City, (8) Shipping Region, (9) Shipping Country, (10) Billing Name, (11) Billing Phone Number, (12) Billing Address, (13) Billing Address 2, (14) Billing Address 3, (15) Billing Zip, (16) Billing City, (17) Billing Region, (18) Billing Country, or (19) Region Code. | |||||
| CVE-2023-42628 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2023-12-28 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 through 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and earlier, 7.2 fix pack 20 and earlier, 7.3 update 33 and earlier, and 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML into a parent wiki page via a crafted payload injected into a wiki page's ‘Content’ text field. | |||||
| CVE-2023-42629 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2023-12-28 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Vocabulary's 'description' text field. | |||||
| CVE-2022-4393 | 1 Avirtum | 1 Imagelinks | 2023-12-28 | N/A | 5.4 MEDIUM |
| The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2023-50825 | 1 Jacksonwhelan | 1 Iframe Shortcode | 2023-12-28 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terrier Tenacity iframe Shortcode allows Stored XSS. This issue affects iframe Shortcode: from n/a through 2.0. | |||||
| CVE-2023-0563 | 1 Phpgurukul | 1 Bank Locker Management System | 2023-12-28 | N/A | 4.8 MEDIUM |
| A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219717 was assigned to this vulnerability. | |||||
| CVE-2023-36942 | 1 Phpgurukul | 1 Online Fire Reporting System | 2023-12-28 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the website title field. | |||||
| CVE-2023-7059 | 1 Remyandrade | 1 School Visitor Log E-book | 2023-12-28 | N/A | 5.4 MEDIUM |
| A vulnerability was found in SourceCodester School Visitor Log e-Book 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file log-book.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248750 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-7057 | 1 Carmelogarcia | 1 Faculty Management System | 2023-12-28 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in code-projects Faculty Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pages/yearlevel.php. The manipulation of the argument Year Level/Section leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248744. | |||||
| CVE-2023-7056 | 1 Carmelogarcia | 1 Faculty Management System | 2023-12-28 | N/A | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in code-projects Faculty Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/pages/subjects.php. The manipulation of the argument Description/Units leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248743. | |||||
| CVE-2023-7054 | 1 Phpgurukul | 1 Online Notes Sharing System | 2023-12-28 | N/A | 5.4 MEDIUM |
| A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /user/add-notes.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248741 was assigned to this vulnerability. | |||||
| CVE-2023-47265 | 1 Apache | 1 Airflow | 2023-12-28 | N/A | 5.4 MEDIUM |
| Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. This Javascript can be executed on the client side of any of the user who looks at the tasks in the browser sandbox. While this issue does not allow to exit the browser sandbox or manipulation of the server-side data - more than the DAG author already has, it allows to modify what the user looking at the DAG details sees in the browser - which opens up all kinds of possibilities of misleading other users. Users of Apache Airflow are recommended to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability | |||||
| CVE-2023-50377 | 1 Ab-wp | 1 Simple Counter | 2023-12-27 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AB-WP Simple Counter allows Stored XSS. This issue affects Simple Counter: from n/a through 1.0.2. | |||||
| CVE-2023-50827 | 1 Accredible | 1 Accredible Certificates & Open Badges | 2023-12-27 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Accredible Accredible Certificates & Open Badges allows Stored XSS. This issue affects Accredible Certificates & Open Badges: from n/a through 1.4.8. | |||||
| CVE-2023-50826 | 1 Freshlightlab | 1 Menu Image, Icons Made Easy | 2023-12-27 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Freshlight Lab Menu Image, Icons made easy allows Stored XSS. This issue affects Menu Image, Icons made easy: from n/a through 3.10. | |||||
| CVE-2023-50566 | 1 Eyoucms | 1 Eyoucms | 2023-12-27 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter. | |||||
| CVE-2023-44286 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2023-12-27 | N/A | 6.1 MEDIUM |
| Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a victim user's DOM environment in the browser. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
| CVE-2023-42015 | 1 Ibm | 1 Urbancode Deploy | 2023-12-27 | N/A | 4.3 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512. | |||||
| CVE-2023-51460 | 1 Adobe | 1 Experience Manager | 2023-12-27 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2023-51459 | 1 Adobe | 1 Experience Manager | 2023-12-27 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
