Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48614 | 1 Semantic-mediawiki | 1 Semantic Mediawiki | 2023-12-13 | N/A | 6.1 MEDIUM |
| Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS. | |||||
| CVE-2023-6609 | 1 Oscommerce | 1 Oscommerce | 2023-12-13 | N/A | 6.1 MEDIUM |
| A vulnerability was found in osCommerce 4. It has been classified as problematic. This affects an unknown part of the file /b2b-supermarket/catalog/all-products. The manipulation of the argument keywords with the input %27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-38435 | 1 Apache | 1 Felix Health Check Webconsole Plugin | 2023-12-13 | N/A | 6.1 MEDIUM |
| An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack. Upgrade to Apache Felix Healthcheck Webconsole Plugin 2.1.0 or higher. | |||||
| CVE-2023-6649 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2023-12-13 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file index.php. The manipulation of the argument searchdata with the input <script>alert(5)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-247342 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-6650 | 1 Oretnom23 | 1 Simple Invoice Generator System | 2023-12-13 | N/A | 6.1 MEDIUM |
| A vulnerability was found in SourceCodester Simple Invoice Generator System 1.0 and classified as problematic. This issue affects some unknown processing of the file login.php. The manipulation of the argument cashier leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247343. | |||||
| CVE-2023-28873 | 1 Seafile | 1 Seafile | 2023-12-12 | N/A | 5.4 MEDIUM |
| An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor. | |||||
| CVE-2020-25835 | 1 Microfocus | 1 Arcsight Management Center | 2023-12-12 | N/A | 5.4 MEDIUM |
| A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS). | |||||
| CVE-2023-46499 | 1 Evershop | 1 Evershop | 2023-12-12 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted scripts to the Admin Panel. | |||||
| CVE-2023-46495 | 1 Evershop | 1 Evershop | 2023-12-12 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter. | |||||
| CVE-2023-46494 | 1 Evershop | 1 Evershop | 2023-12-12 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx. | |||||
| CVE-2020-16218 | 1 Philips | 1 Patient Information Center Ix | 2023-12-12 | 2.7 LOW | 3.5 LOW |
| In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application. | |||||
| CVE-2023-34439 | 1 Pleasanter | 1 Pleasanter | 2023-12-12 | N/A | 5.4 MEDIUM |
| Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser. | |||||
| CVE-2023-6333 | 1 Controlbyweb | 6 X-301-24i, X-301-24i Firmware, X-301-i and 3 more | 2023-12-12 | N/A | 5.4 MEDIUM |
| The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious javascript code during a user's session. | |||||
| CVE-2023-42325 | 1 Netgate | 1 Pfsense | 2023-12-12 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page. | |||||
| CVE-2023-42327 | 1 Netgate | 1 Pfsense | 2023-12-12 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page. | |||||
| CVE-2023-6616 | 1 Oretnom23 | 1 Simple Student Attendance System | 2023-12-12 | N/A | 6.1 MEDIUM |
| A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247253 was assigned to this vulnerability. | |||||
| CVE-2023-6613 | 1 Typecho | 1 Typecho | 2023-12-12 | N/A | 4.8 MEDIUM |
| A vulnerability classified as problematic has been found in Typecho 1.2.1. Affected is an unknown function of the file /admin/options-theme.php of the component Logo Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-23372 | 1 Qnap | 2 Qts, Quts Hero | 2023-12-12 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h4.5.4.2476 build 20230728 and later | |||||
| CVE-2023-41171 | 1 Netscout | 1 Ngeniusone | 2023-12-12 | N/A | 5.4 MEDIUM |
| NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4). | |||||
| CVE-2023-41170 | 1 Netscout | 1 Ngeniusone | 2023-12-12 | N/A | 6.1 MEDIUM |
| NetScout nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting vulnerability. | |||||
| CVE-2023-41169 | 1 Netscout | 1 Ngeniusone | 2023-12-12 | N/A | 5.4 MEDIUM |
| NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 2 of 4). | |||||
| CVE-2023-41168 | 1 Netscout | 1 Ngeniusone | 2023-12-12 | N/A | 5.4 MEDIUM |
| NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 1 of 4). | |||||
| CVE-2023-49493 | 1 Dedecms | 1 Dedecms | 2023-12-12 | N/A | 6.1 MEDIUM |
| DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php. | |||||
| CVE-2023-49492 | 1 Dedecms | 1 Dedecms | 2023-12-12 | N/A | 6.1 MEDIUM |
| DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php. | |||||
| CVE-2023-41172 | 1 Netscout | 1 Ngeniusone | 2023-12-12 | N/A | 5.4 MEDIUM |
| NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 4 of 4). | |||||
| CVE-2023-41905 | 1 Netscout | 1 Ngeniusone | 2023-12-12 | N/A | 5.4 MEDIUM |
| NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting (XSS) vulnerability by an authenticated user. | |||||
| CVE-2023-6146 | 1 Qualys | 1 Private Cloud Platform | 2023-12-12 | N/A | 5.4 MEDIUM |
| A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce XSS payload via browser details. | |||||
| CVE-2023-49486 | 1 Jfinalcms Project | 1 Jfinalcms | 2023-12-12 | N/A | 5.4 MEDIUM |
| JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department. | |||||
| CVE-2023-49485 | 1 Jfinalcms Project | 1 Jfinalcms | 2023-12-12 | N/A | 5.4 MEDIUM |
| JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department. | |||||
| CVE-2023-49487 | 1 Jfinalcms Project | 1 Jfinalcms | 2023-12-12 | N/A | 5.4 MEDIUM |
| JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department. | |||||
| CVE-2023-43102 | 1 Zimbra | 1 Collaboration | 2023-12-12 | N/A | 6.1 MEDIUM |
| An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. An XSS issue can be exploited to access the mailbox of an authenticated user. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36. | |||||
| CVE-2023-43103 | 1 Zimbra | 1 Collaboration | 2023-12-12 | N/A | 6.1 MEDIUM |
| An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36. | |||||
| CVE-2023-46857 | 1 Squidex.io | 1 Squidex | 2023-12-12 | N/A | 5.4 MEDIUM |
| Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for exploitation. | |||||
| CVE-2023-49225 | 1 Ruckuswireless | 74 C110, C110 Firmware, E510 and 71 more | 2023-12-12 | N/A | 6.1 MEDIUM |
| A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see the information provided by the vendor listed under [References] section or the list under [Product Status] section. | |||||
| CVE-2023-28017 | 1 Hcltech | 1 Connections | 2023-12-12 | N/A | 5.4 MEDIUM |
| HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise a user's account then launch other attacks. | |||||
| CVE-2021-37208 | 1 Siemens | 54 Ruggedcom I800, Ruggedcom I801, Ruggedcom I802 and 51 more | 2023-12-12 | 3.5 LOW | 9.6 CRITICAL |
| A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. Improper neutralization of special characters on the web server configuration page could allow an attacker, in a privileged position, to retrieve sensitive information via cross-site scripting. | |||||
| CVE-2023-28875 | 1 Afian | 1 Filerun | 2023-12-11 | N/A | 5.4 MEDIUM |
| A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link. | |||||
| CVE-2023-48940 | 1 Daicuo | 1 Daicuo | 2023-12-11 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in /admin.php of DaiCuo v2.5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2023-46693 | 1 Formalms | 1 Formalms | 2023-12-11 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters. | |||||
| CVE-2023-49444 | 1 Html-js | 1 Doracms | 2023-12-11 | N/A | 5.4 MEDIUM |
| An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar. | |||||
| CVE-2023-49484 | 1 Iteachyou | 1 Dreamer Cms | 2023-12-11 | N/A | 5.4 MEDIUM |
| Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department. | |||||
| CVE-2023-6527 | 1 I13websolution | 1 Email Subscription Popup | 2023-12-11 | N/A | 6.1 MEDIUM |
| The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTP_REFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2023-6568 | 1 Lfprojects | 1 Mlflow | 2023-12-09 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository mlflow/mlflow prior to 2.9.0. | |||||
| CVE-2023-46974 | 1 Mayurik | 1 Courier Management System | 2023-12-09 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL. | |||||
| CVE-2023-48828 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2023-12-09 | N/A | 5.4 MEDIUM |
| Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. | |||||
| CVE-2023-48825 | 1 Phpjabbers | 1 Availability Booking Calendar | 2023-12-09 | N/A | 5.4 MEDIUM |
| Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. | |||||
| CVE-2023-48827 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2023-12-09 | N/A | 5.4 MEDIUM |
| Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. | |||||
| CVE-2023-48172 | 1 Phpjabbers | 1 Shuttle Booking Software | 2023-12-09 | N/A | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php. | |||||
| CVE-2023-48206 | 1 Mayurik | 1 Courier Management System | 2023-12-09 | N/A | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php. | |||||
| CVE-2023-48208 | 1 Phpjabbers | 1 Availability Booking Calendar | 2023-12-09 | N/A | 6.1 MEDIUM |
| A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php. | |||||