Total: 13741 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49189 | 1 Getsocial | 1 Social Share Buttons & Analytics | 2023-12-21 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin – GetSocial.Io allows Stored XSS. This issue affects Social Share Buttons & Analytics Plugin – GetSocial.Io: from n/a through 4.3.12. | |||||
| CVE-2023-1948 | 1 Phpgurukul | 1 Bp Monitoring Management System | 2023-12-21 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file add-family-member.php of the component Add New Family Member Handler. The manipulation of the argument Member Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225335. | |||||
| CVE-2023-36940 | 1 Phpgurukul | 1 Online Fire Reporting System | 2023-12-21 | N/A | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL v.1.2 allows attackers to execute arbitrary code via a crafted payload injected into the search field. | |||||
| CVE-2023-36936 | 1 Phpgurukul | 1 Online Security Guards Hiring System | 2023-12-21 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security Guards Hiring System using PHP and MySQL 1.0 allows attackers to execute arbitrary code via a crafted payload to the search booking box. | |||||
| CVE-2023-26958 | 1 Phpgurukul | 1 Park Ticketing Management System | 2023-12-21 | N/A | 4.8 MEDIUM |
| Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Admin Name parameter. | |||||
| CVE-2023-33580 | 1 Phpgurukul | 1 Student Study Center Management System | 2023-12-21 | N/A | 4.8 MEDIUM |
| Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page. | |||||
| CVE-2022-34197 | 1 Jenkins | 1 Sauce Ondemand | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34195 | 1 Jenkins | 1 Repository Connector | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34786 | 1 Jenkins | 1 Rich Text Publisher | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. | |||||
| CVE-2022-34777 | 1 Jenkins | 1 Gitlab | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34196 | 1 Jenkins | 1 Rest List Parameter | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34778 | 1 Jenkins | 1 Testng Results | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results. | |||||
| CVE-2022-34198 | 1 Jenkins | 1 Stash Branch Parameter | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34791 | 1 Jenkins | 1 Validating Email Parameter | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34783 | 1 Jenkins | 1 Plot | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34787 | 1 Jenkins | 1 Project Inheritance | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked. | |||||
| CVE-2022-34784 | 1 Jenkins | 1 Build-metrics | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission. | |||||
| CVE-2022-34788 | 1 Jenkins | 1 Matrix Reloaded | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | |||||
| CVE-2022-29530 | 1 Misp | 1 Misp | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters. | |||||
| CVE-2022-25321 | 1 Cerebrate-project | 1 Cerebrate | 2023-12-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component. | |||||
| CVE-2022-29531 | 1 Misp | 1 Misp | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name. | |||||
| CVE-2022-29533 | 1 Misp | 1 Misp | 2023-12-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page." | |||||
| CVE-2023-36941 | 1 Phpgurukul | 1 Online Fire Reporting System | 2023-12-21 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name, leader, and member fields. | |||||
| CVE-2022-24227 | 1 Boltwire | 1 Boltwire | 2023-12-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters. | |||||
| CVE-2023-44766 | 1 Concretecms | 1 Concrete Cms | 2023-12-21 | N/A | 4.8 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature. | |||||
| CVE-2022-21932 | 1 Microsoft | 1 Dynamics 365 | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | |||||
| CVE-2023-22933 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-12-21 | N/A | 6.1 MEDIUM |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag. | |||||
| CVE-2023-47620 | 1 Clockworkmod | 1 Scrypted | 2023-12-20 | N/A | 6.1 MEDIUM |
| Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the `owner` and `pkg` parameters. An attacker can run arbitrary JavaScript code. As of time of publication, no known patches are available. | |||||
| CVE-2023-47623 | 1 Clockworkmod | 1 Scrypted | 2023-12-20 | N/A | 6.1 MEDIUM |
| Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a url with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login. As of time of publication, no known patches are available. | |||||
| CVE-2023-48582 | 1 Adobe | 1 Experience Manager | 2023-12-20 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2023-48583 | 1 Adobe | 1 Experience Manager | 2023-12-20 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2023-48581 | 1 Adobe | 1 Experience Manager | 2023-12-20 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2023-31934 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php. | |||||
| CVE-2023-31935 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php. | |||||
| CVE-2023-46998 | 1 Bootboxjs | 1 Bootbox | 2023-12-20 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions. | |||||
| CVE-2023-37743 | 1 Phpgurukul | 1 Teacher Subject Allocation System | 2023-12-20 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box. | |||||
| CVE-2023-23158 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter on the enquiry page. | |||||
| CVE-2023-23157 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullname parameter on the enquiry page. | |||||
| CVE-2023-23161 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar. | |||||
| CVE-2023-6774 | 1 Codeastro | 1 Pos And Inventory Management System | 2023-12-20 | N/A | 5.4 MEDIUM |
| A vulnerability was found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /accounts_con/register_account. The manipulation of the argument Username with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247910 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-49179 | 1 Avecnous | 1 Event Post | 2023-12-20 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N.O.U.S. Open Useful and Simple Event post allows Stored XSS. This issue affects Event post: from n/a through 5.8.6. | |||||
| CVE-2023-49178 | 1 Hdwplayer | 1 Hdw Player | 2023-12-20 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr. Hdwplayer HDW Player Plugin (Video Player & Video Gallery) allows Reflected XSS. This issue affects HDW Player Plugin (Video Player & Video Gallery): from n/a through 5.0. | |||||
| CVE-2023-6896 | 1 Oretnom23 | 1 Simple Image Stack Website | 2023-12-20 | N/A | 6.1 MEDIUM |
| A vulnerability was found in SourceCodester Simple Image Stack Website 1.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument search with the input sy2ap%22%3e%3cscript%3ealert(1)%3c%2fscript%3etkxh1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248255. | |||||
| CVE-2016-15032 | 1 Mh Httpbl Project | 1 Mh Httpbl | 2023-12-20 | N/A | 6.1 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This affects the function stopOutput of the file class.tx_mhhttpbl.php. The manipulation of the argument $_SERVER['REMOTE_ADDR'] leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.1.8 is able to address this issue. The patch is named a754bf306a433a8c18b55e25595593e8f19b9463. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230391. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-29023 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2023-12-20 | N/A | 6.1 MEDIUM |
| A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. | |||||
| CVE-2023-29024 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2023-12-20 | N/A | 6.5 MEDIUM |
| A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. | |||||
| CVE-2023-29025 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2023-12-20 | N/A | 5.9 MEDIUM |
| A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. | |||||
| CVE-2015-10101 | 1 Google Analytics Top Content Widget Project | 1 Google Analytics Top Content Widget | 2023-12-20 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.7 is able to address this issue. The identifier of the patch is 25bb1dea113716200a6f0f3135801d84a7a65540. It is recommended to upgrade the affected component. The identifier VDB-226117 was assigned to this vulnerability. | |||||
| CVE-2015-10098 | 1 Wpmudev | 1 Broken Link Checker | 2023-12-20 | N/A | 6.1 MEDIUM |
| A vulnerability was found in Broken Link Checker Plugin up to 1.10.5 on WordPress. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152. | |||||
| CVE-2016-15029 | 1 Mapicoin Project | 1 Mapicoin | 2023-12-20 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in Ydalb mapicoin up to 1.9.0 and classified as problematic. This vulnerability affects unknown code of the file webroot/stats.php. The manipulation of the argument link/search leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.10.0 is able to address this issue. The patch is identified as 67e87f0f0c1ac238fcd050f4c3db298229bc9679. It is recommended to upgrade the affected component. VDB-223402 is the identifier assigned to this vulnerability. | |||||
