Search
Total
13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-20159 | 1 Keynote Project | 1 Keynote | 2023-12-20 | N/A | 6.1 MEDIUM |
| A vulnerability was found in rf Keynote up to 0.x on Rails. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/keynote/rumble.rb. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as 05be4356b0a6ca7de48da926a9b997beb5ffeb4a. It is recommended to upgrade the affected component. VDB-217142 is the identifier assigned to this vulnerability. | |||||
| CVE-2015-10089 | 1 Flame.js Project | 1 Flame.js | 2023-12-20 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in flame.js. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named e6c49b5f6179e31a534b7c3264e1d36aa99728ac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222291. | |||||
| CVE-2017-20167 | 1 Minichan | 1 Minichan | 2023-12-20 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Minichan. This affects an unknown part of the file reports.php. The manipulation of the argument headline leads to cross site scripting. It is possible to initiate the attack remotely. The identifier of the patch is fc0e732e58630cba318d6bf49d1388a7aa9d390e. It is recommended to apply a patch to fix this issue. The identifier VDB-217785 was assigned to this vulnerability. | |||||
| CVE-2015-10090 | 1 Inboundnow | 1 Landing-pages | 2023-12-20 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.8 is able to address this issue. The name of the patch is c8e22c1340c11fedfb0a0a67ea690421bdb62b94. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222320. | |||||
| CVE-2014-125105 | 1 Managewp | 1 Broken Link Checker | 2023-12-20 | N/A | 6.1 MEDIUM |
| A vulnerability was found in Broken Link Checker Plugin up to 1.10.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function options_page of the file core/core.php of the component Settings Page. The manipulation of the argument exclusion_list/blc_custom_fields leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.10.2 is able to address this issue. The patch is named 90615fe9b0b6f9e6fb254d503c302e53a202e561. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230659. | |||||
| CVE-2015-10093 | 1 Mark User As Spammer Project | 1 Mark User As Spammer | 2023-12-20 | N/A | 5.4 MEDIUM |
| A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is e7059727274d2767c240c55c02c163eaa4ba6c62. It is recommended to upgrade the affected component. The identifier VDB-222325 was assigned to this vulnerability. | |||||
| CVE-2014-125097 | 1 Bestwebsoft | 1 Facebook Button | 2023-12-20 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in BestWebSoft Facebook Like Button up to 2.33. Affected is the function fcbkbttn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.34 is able to address this issue. The patch is identified as b766da8fa100779409a953f0e46c2a2448cbe99c. It is recommended to upgrade the affected component. VDB-225354 is the identifier assigned to this vulnerability. | |||||
| CVE-2015-10094 | 1 Fastly | 1 Fastly | 2023-12-20 | N/A | 6.1 MEDIUM |
| A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability. | |||||
| CVE-2020-36637 | 1 Adminserv Project | 1 Adminserv | 2023-12-20 | N/A | 6.1 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been declared as problematic. This vulnerability affects unknown code of the file resources/core/adminserv.php. The manipulation of the argument text leads to cross site scripting. The attack can be initiated remotely. The patch is identified as 3ed17dab3b4d6e8bf1c82ddfbf882314365e9cd7. It is recommended to apply a patch to fix this issue. VDB-217042 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-49185 | 1 Doofinder | 1 Doofinder | 2023-12-19 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder WP & WooCommerce Search allows Reflected XSS.This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.1.7. | |||||
| CVE-2023-49184 | 1 Wpdeveloper | 1 Parallax Slider Block | 2023-12-19 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Parallax Slider Block allows Stored XSS.This issue affects Parallax Slider Block: from n/a through 1.2.4. | |||||
| CVE-2023-49183 | 1 Nextscripts | 1 Social Networks Auto Poster | 2023-12-19 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS.This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2. | |||||
| CVE-2023-49182 | 1 Marzocca | 1 List All Posts By Authors Nested Categories And Titles | 2023-12-19 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Marzocca List all posts by Authors, nested Categories and Titles allows Reflected XSS.This issue affects List all posts by Authors, nested Categories and Titles: from n/a through 2.7.10. | |||||
| CVE-2023-49181 | 1 Wp-eventmanager | 1 Wp Event Manager | 2023-12-19 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce allows Stored XSS.This issue affects WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce: from n/a through 3.1.40. | |||||
| CVE-2023-49187 | 1 Spoonthemes | 1 Adifier | 2023-12-19 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spoonthemes Adifier - Classified Ads WordPress Theme allows Reflected XSS.This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4. | |||||
| CVE-2023-49188 | 1 Zealousweb | 1 Track Geolocation Of Users Using Contact Form 7 | 2023-12-19 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS.This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 1.4. | |||||
| CVE-2023-49175 | 1 Kreativopro | 1 Kp Fastest Tawk.to Chat | 2023-12-19 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kreativo Pro KP Fastest Tawk.To Chat allows Stored XSS.This issue affects KP Fastest Tawk.To Chat: from n/a through 1.1.1. | |||||
| CVE-2023-49174 | 1 Dfactory | 1 Responsive Lightbox | 2023-12-19 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5. | |||||
| CVE-2023-49176 | 1 Coderevolution | 1 Wp Pocket Urls | 2023-12-19 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs allows Reflected XSS.This issue affects WP Pocket URLs: from n/a through 1.0.2. | |||||
| CVE-2023-49180 | 1 Ternstyle | 1 Automatic Youtube Video Posts | 2023-12-19 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ternstyle LLC Automatic Youtube Video Posts Plugin allows Stored XSS.This issue affects Automatic Youtube Video Posts Plugin: from n/a through 5.2.2. | |||||
| CVE-2023-49177 | 1 Gillesdumas | 1 Which Template File | 2023-12-19 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gilles Dumas which template file allows Reflected XSS.This issue affects which template file: from n/a through 4.9.0. | |||||
| CVE-2023-49157 | 1 Andreasmuench | 1 Multiple Post Passwords | 2023-12-19 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andreas Münch Multiple Post Passwords allows Stored XSS.This issue affects Multiple Post Passwords: from n/a through 1.1.1. | |||||
| CVE-2023-49152 | 1 Labs64 | 1 Credit Tracker | 2023-12-19 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Labs64 Credit Tracker allows Stored XSS.This issue affects Credit Tracker: from n/a through 1.1.17. | |||||
| CVE-2023-49151 | 1 Sureswiftcapital | 1 Simple Calendar | 2023-12-19 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Calendar Simple Calendar – Google Calendar Plugin allows Stored XSS.This issue affects Simple Calendar – Google Calendar Plugin: from n/a through 3.2.6. | |||||
| CVE-2023-49160 | 1 Formzu | 1 Formzu Wp | 2023-12-19 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in formzu Inc. Formzu WP allows Stored XSS.This issue affects Formzu WP: from n/a through 1.6.6. | |||||
| CVE-2023-49860 | 1 Wedevs | 1 Wp Project Manager | 2023-12-19 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts: from n/a through 2.6.7. | |||||
| CVE-2023-49842 | 1 Wpexperts | 1 Rocket Maintenance Mode \& Coming Soon Page | 2023-12-19 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpexpertsio Rocket Maintenance Mode & Coming Soon Page allows Stored XSS.This issue affects Rocket Maintenance Mode & Coming Soon Page: from n/a through 4.3. | |||||
| CVE-2023-49150 | 1 Currencyratetoday | 1 Crypto Converter Widget | 2023-12-19 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS.This issue affects Crypto Converter Widget: from n/a through 1.8.1. | |||||
| CVE-2023-49149 | 1 Currencyratetoday | 1 Currency Converter Calculator | 2023-12-19 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Currency Converter Calculator allows Stored XSS.This issue affects Currency Converter Calculator: from n/a through 1.3.1. | |||||
| CVE-2023-49739 | 1 Ideabox | 1 Powerpack Addons For Elementor | 2023-12-19 | N/A | 6.1 MEDIUM |
| [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR] | |||||
| CVE-2023-48765 | 1 Tillkruss | 1 Email Address Encoder | 2023-12-19 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Till Krüss Email Address Encoder allows Stored XSS.This issue affects Email Address Encoder: from n/a through 1.0.22. | |||||
| CVE-2023-48780 | 1 Maevelander | 1 Wp Catalogue | 2023-12-19 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnigmaWeb WP Catalogue allows Stored XSS.This issue affects WP Catalogue: from n/a through 1.7.6. | |||||
| CVE-2023-6367 | 1 Progress | 1 Whatsup Gold | 2023-12-19 | N/A | 5.4 MEDIUM |
| In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Roles. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser. | |||||
| CVE-2022-45365 | 1 Urosevic | 1 Stock Ticker | 2023-12-19 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Uroševi? Stock Ticker allows Reflected XSS.This issue affects Stock Ticker: from n/a through 3.23.2. | |||||
| CVE-2023-6366 | 1 Progress | 1 Whatsup Gold | 2023-12-19 | N/A | 5.4 MEDIUM |
| In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Alert Center. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser. | |||||
| CVE-2023-40655 | 1 Mooj | 1 Proforms | 2023-12-19 | N/A | 6.1 MEDIUM |
| A reflected XSS vulnerability was discovered in the Proforms Basic component for Joomla. | |||||
| CVE-2023-49770 | 1 Petersplugins | 1 Smart External Link Click Monitor \[link Log\] | 2023-12-19 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] allows Stored XSS.This issue affects Smart External Link Click Monitor [Link Log]: from n/a through 5.0.2. | |||||
| CVE-2023-40656 | 1 Plasma-web | 1 Quickform | 2023-12-19 | N/A | 6.1 MEDIUM |
| A reflected XSS vulnerability was discovered in the Quickform component for Joomla. | |||||
| CVE-2023-6365 | 1 Progress | 1 Whatsup Gold | 2023-12-19 | N/A | 5.4 MEDIUM |
| In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a device group. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser. | |||||
| CVE-2023-40659 | 1 Joomboost | 1 Easy Quick Contact | 2023-12-19 | N/A | 6.1 MEDIUM |
| A reflected XSS vulnerability was discovered in the Easy Quick Contact module for Joomla. | |||||
| CVE-2023-40658 | 1 Deconf | 1 Clicky Analytics Dashboard | 2023-12-19 | N/A | 6.1 MEDIUM |
| A reflected XSS vulnerability was discovered in the Clicky Analytics Dashboard module for Joomla. | |||||
| CVE-2023-41618 | 1 Emlog | 1 Emlog | 2023-12-19 | N/A | 6.1 MEDIUM |
| Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft. | |||||
| CVE-2023-40657 | 1 Artio | 1 Joomdoc | 2023-12-19 | N/A | 6.1 MEDIUM |
| A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla. | |||||
| CVE-2023-49296 | 1 Arduino | 1 Create Agent | 2023-12-19 | N/A | 6.1 MEDIUM |
| The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint `/certificate.crt` and the way the web interface of the ArduinoCreateAgent handles custom error messages. An attacker that is able to persuade a victim into clicking on a malicious link can perform a Reflected Cross-Site Scripting attack on the web interface of the create agent, which would allow the attacker to execute arbitrary browser client side code. Version 1.3.6 contains a fix for the issue. | |||||
| CVE-2023-6364 | 1 Progress | 1 Whatsup Gold | 2023-12-19 | N/A | 5.4 MEDIUM |
| In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a dashboard component. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser. | |||||
| CVE-2023-49577 | 1 Sap | 1 Human Capital Management | 2023-12-19 | N/A | 6.1 MEDIUM |
| The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application. | |||||
| CVE-2023-6775 | 1 Codeastro | 1 Pos And Inventory Management System | 2023-12-19 | N/A | 6.1 MEDIUM |
| A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /item/item_con. The manipulation of the argument item_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247911. | |||||
| CVE-2023-6889 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-19 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17. | |||||
| CVE-2023-6890 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-19 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17. | |||||
| CVE-2023-6838 | 1 Wso2 | 3 Api Manager, Identity Server, Identity Server As Key Manager | 2023-12-19 | N/A | 6.1 MEDIUM |
| Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests. | |||||