Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6439 | 1 Easycorp | 1 Zentao | 2023-12-06 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in ZenTao PMS 18.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246439. | |||||
| CVE-2023-6440 | 1 Rems | 1 Book Borrower System | 2023-12-06 | N/A | 5.4 MEDIUM |
| A vulnerability was found in SourceCodester Book Borrower System 1.0 and classified as problematic. This issue affects some unknown processing of the file endpoint/add-book.php. The manipulation of the argument Book Title/Book Author leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246443. | |||||
| CVE-2023-6442 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2023-12-06 | N/A | 5.4 MEDIUM |
| A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add-phlebotomist.php. The manipulation of the argument empid/fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246445 was assigned to this vulnerability. | |||||
| CVE-2023-48752 | 1 Happyforms | 1 Happyforms | 2023-12-06 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms allows Reflected XSS.This issue affects Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms: from n/a through 1.25.9. | |||||
| CVE-2023-48746 | 1 Peepso | 1 Peepso | 2023-12-06 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Reflected XSS.This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a through 6.2.6.0. | |||||
| CVE-2023-48748 | 1 Themenectar | 1 Salient Core | 2023-12-06 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme nectar Salient Core allows Reflected XSS.This issue affects Salient Core: from n/a through 2.0.2. | |||||
| CVE-2023-48749 | 1 Themenectar | 1 Salient Core | 2023-12-06 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme nectar Salient Core allows Stored XSS.This issue affects Salient Core: from n/a through 2.0.2. | |||||
| CVE-2023-28819 | 1 Concretecms | 1 Concrete Cms | 2023-12-06 | N/A | 5.4 MEDIUM |
| Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names. | |||||
| CVE-2023-28475 | 1 Concretecms | 1 Concrete Cms | 2023-12-06 | N/A | 6.1 MEDIUM |
| Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized. | |||||
| CVE-2023-28477 | 1 Concretecms | 1 Concrete Cms | 2023-12-06 | N/A | 5.4 MEDIUM |
| Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter. | |||||
| CVE-2023-48321 | 1 Magazine3 | 1 Amp For Wp | 2023-12-06 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS.This issue affects AMP for WP – Accelerated Mobile Pages: from n/a through 1.0.88.1. | |||||
| CVE-2023-48320 | 1 Web-dorado | 1 Spidervplayer | 2023-12-06 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDorado SpiderVPlayer allows Stored XSS.This issue affects SpiderVPlayer: from n/a through 1.5.22. | |||||
| CVE-2023-48317 | 1 Vikasvatsa | 1 Display Custom Post | 2023-12-06 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Vatsa Display Custom Post allows Stored XSS.This issue affects Display Custom Post: from n/a through 2.2.1. | |||||
| CVE-2023-48272 | 1 Wpmaspik | 1 Maspik | 2023-12-06 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS.This issue affects Maspik – Spam Blacklist: from n/a through 0.9.2. | |||||
| CVE-2023-47877 | 1 Perfmatters | 1 Perfmatters | 2023-12-06 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Stored XSS.This issue affects Perfmatters: from n/a before 2.2.0. | |||||
| CVE-2023-47876 | 1 Perfmatters | 1 Perfmatters | 2023-12-06 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Reflected XSS.This issue affects Perfmatters: from n/a through 2.1.6. | |||||
| CVE-2023-47872 | 1 Gvectors | 1 Wpforo Forum | 2023-12-06 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through 2.2.3. | |||||
| CVE-2023-47853 | 1 Mycred | 1 Mycred | 2023-12-06 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS.This issue affects myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin: from n/a through 2.6.1. | |||||
| CVE-2023-6027 | 1 Elijaa | 1 Phpmemcachedadmin | 2023-12-06 | N/A | 5.4 MEDIUM |
| A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled entries in the "/pmcadmin/configure.php" parameter. | |||||
| CVE-2023-45050 | 1 Automattic | 1 Jetpack | 2023-12-06 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1. | |||||
| CVE-2023-39921 | 1 Amitzy | 1 Molongui | 2023-12-06 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts – Molongui allows Stored XSS.This issue affects Author Box, Guest Author and Co-Authors for Your Posts – Molongui: from n/a through 4.6.19. | |||||
| CVE-2023-46086 | 1 Servit | 1 Affiliate-toolkit | 2023-12-06 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin allows Reflected XSS.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.4.3. | |||||
| CVE-2023-44143 | 1 Bamboo Mcr | 1 Bamboo Columns | 2023-12-06 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bamboo Mcr Bamboo Columns allows Stored XSS.This issue affects Bamboo Columns: from n/a through 1.6.1. | |||||
| CVE-2023-45609 | 1 Powr | 1 Powr Pack | 2023-12-06 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POWR.Io Contact Form – Custom Builder, Payment Form, and More allows Stored XSS.This issue affects Contact Form – Custom Builder, Payment Form, and More: from n/a through 2.1.0. | |||||
| CVE-2023-2266 | 1 Selinc | 2 Sel-411l, Sel-411l Firmware | 2023-12-06 | N/A | 6.1 MEDIUM |
| An Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-34018 | 1 Soundcloud | 1 Soundcloud Shortcode | 2023-12-06 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc. SoundCloud Shortcode allows Stored XSS.This issue affects SoundCloud Shortcode: from n/a through 3.1.0. | |||||
| CVE-2023-31177 | 1 Selinc | 2 Sel-451, Sel-451 Firmware | 2023-12-06 | N/A | 6.1 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim's system. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-6461 | 1 Viliusle | 1 Minipaint | 2023-12-06 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository viliusle/minipaint prior to 4.14.0. | |||||
| CVE-2023-38400 | 1 Kriesi | 1 Enfold | 2023-12-05 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold - Responsive Multi-Purpose Theme allows Reflected XSS.This issue affects Enfold - Responsive Multi-Purpose Theme: from n/a through 5.6.4. | |||||
| CVE-2023-47844 | 1 Neobie | 1 Grab \& Save | 2023-12-05 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lim Kai Yang Grab & Save allows Reflected XSS.This issue affects Grab & Save: from n/a through 1.0.4. | |||||
| CVE-2023-47848 | 1 Tainacan | 1 Tainacan | 2023-12-05 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Reflected XSS.This issue affects Tainacan: from n/a through 0.20.4. | |||||
| CVE-2023-41136 | 1 Ohmybox | 1 Simple Long Form | 2023-12-05 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laurence/OhMyBox.Info Simple Long Form allows Stored XSS.This issue affects Simple Long Form: from n/a through 2.2.2. | |||||
| CVE-2023-48743 | 1 Codehooligans | 1 Simply Exclude | 2023-12-05 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Menard Simply Exclude allows Reflected XSS.This issue affects Simply Exclude: from n/a through 2.0.6.6. | |||||
| CVE-2023-48737 | 1 Tripay | 1 Payment Gateway | 2023-12-05 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PT Trijaya Digital Grup TriPay Payment Gateway allows Stored XSS.This issue affects TriPay Payment Gateway: from n/a through 3.2.7. | |||||
| CVE-2023-47505 | 1 Elementor | 1 Website Builder | 2023-12-05 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor.Com Elementor allows Cross-Site Scripting (XSS).This issue affects Elementor: from n/a through 3.16.4. | |||||
| CVE-2023-48336 | 1 Cybernetikz | 1 Easy Social Icons | 2023-12-05 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cybernetikz Easy Social Icons allows Stored XSS.This issue affects Easy Social Icons: from n/a through 3.2.4. | |||||
| CVE-2021-36806 | 1 Sophos | 1 Email Appliance | 2023-12-05 | N/A | 6.1 MEDIUM |
| A reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an error page on Sophos Email Appliance older than version 4.5.3.4. | |||||
| CVE-2023-48289 | 1 Spreadsheetconverter | 1 Import Spreadsheets | 2023-12-05 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Stored XSS.This issue affects Import Spreadsheets from Microsoft Excel: from n/a through 10.1.3. | |||||
| CVE-2023-48326 | 1 Wp-events-plugin | 1 Events Manager | 2023-12-05 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixelite Events Manager allows Reflected XSS.This issue affects Events Manager: from n/a through 6.4.5. | |||||
| CVE-2023-48322 | 1 Edocintelligence | 1 Employee Job Application | 2023-12-05 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eDoc Intelligence eDoc Employee Job Application – Best WordPress Job Manager for Employees allows Reflected XSS.This issue affects eDoc Employee Job Application – Best WordPress Job Manager for Employees: from n/a through 1.13. | |||||
| CVE-2023-48329 | 1 Codebard | 1 Fast Custom Social Share | 2023-12-05 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard Fast Custom Social Share by CodeBard allows Stored XSS.This issue affects Fast Custom Social Share by CodeBard: from n/a through 1.1.1. | |||||
| CVE-2023-32291 | 1 Monsterinsights | 1 Monsterinsights | 2023-12-05 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MonsterInsights Pro allows Stored XSS.This issue affects MonsterInsights Pro: from n/a through 8.14.1. | |||||
| CVE-2023-38474 | 1 Campaignmonitor | 1 Campaign Monitor | 2023-12-05 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Campaign Monitor Campaign Monitor for WordPress allows Reflected XSS.This issue affects Campaign Monitor for WordPress: from n/a through 2.8.12. | |||||
| CVE-2023-40680 | 1 Yoast | 1 Yoast Seo | 2023-12-05 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS.This issue affects Yoast SEO: from n/a through 21.0. | |||||
| CVE-2023-40674 | 1 Getlasso | 1 Simple Urls | 2023-12-05 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lasso Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management allows Stored XSS.This issue affects Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management: from n/a through 118. | |||||
| CVE-2023-41127 | 1 Evergreencontentposter | 1 Evergreen Content Poster | 2023-12-05 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Evergreen Content Poster Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media allows Stored XSS.This issue affects Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media: from n/a through 1.3.6.1. | |||||
| CVE-2023-41128 | 1 Iqonic | 1 Wp Roadmap | 2023-12-05 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iqonic Design WP Roadmap – Product Feedback Board allows Stored XSS.This issue affects WP Roadmap – Product Feedback Board: from n/a through 1.0.8. | |||||
| CVE-2023-47854 | 1 Howardehrenberg | 1 Parallax Image | 2023-12-05 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Howard Ehrenberg Parallax Image allows Stored XSS.This issue affects Parallax Image: from n/a through 1.7.1. | |||||
| CVE-2023-4667 | 1 Idemia | 12 Morphowave Compact, Morphowave Compact Firmware, Morphowave Sp and 9 more | 2023-12-05 | N/A | 4.8 MEDIUM |
| The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface. The root cause of the vulnerability is inadequate input validation and output encoding in the web administration interface component of the firmware. This could lead to unauthorized access and data leakage | |||||
| CVE-2023-47851 | 1 Addonmaster | 1 Bootstrap Shortcodes Ultimate | 2023-12-05 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akhtarujjaman Shuvo Bootstrap Shortcodes Ultimate allows Stored XSS.This issue affects Bootstrap Shortcodes Ultimate: from n/a through 4.3.1. | |||||