Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48466 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2023-12-18 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2023-48464 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2023-12-18 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2023-48465 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2023-12-18 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2023-48463 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2023-12-18 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2023-48462 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2023-12-18 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2023-48444 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2023-12-18 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2023-48445 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2023-12-18 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2023-48446 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2023-12-18 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2023-48467 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2023-12-18 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2023-48447 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2023-12-18 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2023-31546 | 1 Dedebiz | 1 Dedebiz | 2023-12-18 | N/A | 9.6 CRITICAL |
| Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code via the search feature. | |||||
| CVE-2023-41621 | 1 Emlog | 1 Emlog | 2023-12-18 | N/A | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php. | |||||
| CVE-2023-49828 | 1 Automattic | 1 Woopayments | 2023-12-18 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo allows Stored XSS.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.4.2. | |||||
| CVE-2023-49833 | 1 Brainstormforce | 1 Spectra | 2023-12-18 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Spectra – WordPress Gutenberg Blocks: from n/a through 2.7.9. | |||||
| CVE-2023-49827 | 1 Pencidesign | 1 Soledad | 2023-12-18 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1. | |||||
| CVE-2023-48756 | 1 Motopress | 1 Jetblocks For Elementor | 2023-12-18 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor allows Reflected XSS.This issue affects JetBlocks For Elementor: from n/a through 1.3.8. | |||||
| CVE-2023-48767 | 1 Tes-india | 1 Mytube Playlist | 2023-12-18 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raghu Goriya MyTube PlayList allows Reflected XSS.This issue affects MyTube PlayList: from n/a through 2.0.3. | |||||
| CVE-2023-49841 | 1 Fancythemes | 1 Optin Forms | 2023-12-18 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress allows Stored XSS.This issue affects Optin Forms – Simple List Building Plugin for WordPress: from n/a through 1.3.3. | |||||
| CVE-2023-5769 | 1 Hitachienergy | 8 Rtu520, Rtu520 Firmware, Rtu530 and 5 more | 2023-12-18 | N/A | 6.1 MEDIUM |
| A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to user input being improperly sanitized. | |||||
| CVE-2023-50370 | 1 Livemeshthemes | 1 Wpbakery Page Builder Addons | 2023-12-18 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh WPBakery Page Builder Addons by Livemesh allows Stored XSS.This issue affects WPBakery Page Builder Addons by Livemesh: from n/a through 3.5. | |||||
| CVE-2023-47324 | 1 Silverpeas | 1 Silverpeas | 2023-12-18 | N/A | 5.4 MEDIUM |
| Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature. | |||||
| CVE-2023-6767 | 1 Remyandrade | 1 Wedding Guest E-book | 2023-12-18 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Guest e-Book 1.0. This affects an unknown part of the file /endpoint/add-guest.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-247899. | |||||
| CVE-2023-50369 | 1 Almapay | 1 Alma | 2023-12-18 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alma Alma – Pay in installments or later for WooCommerce allows Stored XSS.This issue affects Alma – Pay in installments or later for WooCommerce: from n/a through 5.1.3. | |||||
| CVE-2023-6789 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-18 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator. | |||||
| CVE-2023-6790 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-18 | N/A | 6.1 MEDIUM |
| A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface. | |||||
| CVE-2023-50368 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2023-12-18 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.2. | |||||
| CVE-2023-47064 | 1 Adobe | 1 Experience Manager | 2023-12-18 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2023-48440 | 1 Adobe | 1 Experience Manager | 2023-12-18 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2023-47065 | 1 Adobe | 1 Experience Manager | 2023-12-18 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2023-48442 | 1 Adobe | 1 Experience Manager | 2023-12-18 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2023-48443 | 1 Adobe | 1 Experience Manager | 2023-12-18 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2023-49745 | 1 Spiffyplugins | 1 Spiffy Calendar | 2023-12-18 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.5. | |||||
| CVE-2023-49743 | 1 Plugin-planet | 1 Dashboard Widget Suite | 2023-12-18 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Dashboard Widgets Suite allows Stored XSS.This issue affects Dashboard Widgets Suite: from n/a through 3.4.1. | |||||
| CVE-2023-49740 | 1 Seraphinitesolutions | 1 Seraphinite Accelerator | 2023-12-18 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seraphinite Solutions Seraphinite Accelerator allows Reflected XSS.This issue affects Seraphinite Accelerator: from n/a through 2.20.28. | |||||
| CVE-2023-49847 | 1 Twinpictures | 1 Annual Archive | 2023-12-18 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Annual Archive allows Stored XSS.This issue affects Annual Archive: from n/a through 1.6.0. | |||||
| CVE-2023-49846 | 1 Bearne | 1 Author Avatars List\/block | 2023-12-18 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through 2.1.17. | |||||
| CVE-2023-49836 | 1 Brontobytes | 1 Cookie Bar | 2023-12-18 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brontobytes Cookie Bar allows Stored XSS.This issue affects Cookie Bar: from n/a through 2.0. | |||||
| CVE-2023-6719 | 1 Europeana | 1 Repox | 2023-12-18 | N/A | 6.1 MEDIUM |
| An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session. | |||||
| CVE-2023-6720 | 1 Europeana | 1 Repox | 2023-12-18 | N/A | 5.4 MEDIUM |
| An XSS vulnerability stored in Repox has been identified, which allows a local attacker to store a specially crafted JavaScript payload on the server, due to the lack of proper sanitisation of field elements, allowing the attacker to trigger the malicious payload when the application loads. | |||||
| CVE-2022-1990 | 1 Kylephillips | 1 Nested Pages | 2023-12-18 | 3.5 LOW | 4.8 MEDIUM |
| The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed | |||||
| CVE-2023-47575 | 1 Relyum | 4 Rely-pcie, Rely-pcie Firmware, Rely-rec and 1 more | 2023-12-18 | N/A | 6.1 MEDIUM |
| An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. The web interfaces of the Relyum devices are susceptible to reflected XSS. | |||||
| CVE-2023-38694 | 1 Umbraco | 1 Umbraco Cms | 2023-12-18 | N/A | 5.4 MEDIUM |
| Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.1.0, a user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Versions 8.18.10, 10.7.0, and 12.1.0 contain a patch for this issue. | |||||
| CVE-2023-28604 | 1 Sitegeist | 1 Fluid Components | 2023-12-18 | N/A | 6.1 MEDIUM |
| The fluid_components (aka Fluid Components) extension before 3.5.0 for TYPO3 allows XSS via a component argument parameter, for certain {content} use cases that may be edge cases. | |||||
| CVE-2023-1885 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-18 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | |||||
| CVE-2023-0791 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-18 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | |||||
| CVE-2023-0566 | 1 Froxlor | 1 Froxlor | 2023-12-18 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10. | |||||
| CVE-2023-1875 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-18 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | |||||
| CVE-2023-0787 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-18 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | |||||
| CVE-2023-1756 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-18 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | |||||
| CVE-2023-1761 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-18 | N/A | 5.4 MEDIUM |
| Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | |||||