Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-47379 | 1 Microweber | 1 Microweber | 2023-11-15 | N/A | 5.4 MEDIUM |
| Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality. | |||||
| CVE-2022-0857 | 1 Mcafee | 1 Epolicy Orchestrator | 2023-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in. | |||||
| CVE-2021-31835 | 1 Mcafee | 1 Epolicy Orchestrator | 2023-11-15 | 4.3 MEDIUM | 4.8 MEDIUM |
| Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized. | |||||
| CVE-2023-5819 | 1 Gara | 1 Amazonify | 2023-11-15 | N/A | 4.8 MEDIUM |
| The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. However, please note that this can also be combined with CVE-2023-5818 for CSRF to XSS. | |||||
| CVE-2023-6002 | 1 Yugabyte | 1 Yugabytedb | 2023-11-15 | N/A | 6.1 MEDIUM |
| YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an unprivileged attacker to forge log entries or inject malicious content into the logs. | |||||
| CVE-2023-45885 | 1 Nasa | 1 Openmct | 2023-11-15 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin. | |||||
| CVE-2023-5544 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2023-11-15 | N/A | 5.4 MEDIUM |
| Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. | |||||
| CVE-2023-5541 | 1 Moodle | 1 Moodle | 2023-11-15 | N/A | 6.1 MEDIUM |
| The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. | |||||
| CVE-2023-5546 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2023-11-15 | N/A | 5.4 MEDIUM |
| ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. | |||||
| CVE-2023-5547 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2023-11-15 | N/A | 6.1 MEDIUM |
| The course upload preview contained an XSS risk for users uploading unsafe data. | |||||
| CVE-2023-5076 | 1 Ziteboard | 1 Ziteboard | 2023-11-15 | N/A | 5.4 MEDIUM |
| The Ziteboard Online Whiteboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ziteboard' shortcode in versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2022-3469 | 1 Marcomilesi | 1 Wp Attachments | 2023-11-15 | N/A | 4.8 MEDIUM |
| The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | |||||
| CVE-2022-23108 | 1 Jenkins | 1 Badge | 2023-11-15 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-27207 | 1 Jenkins | 1 Global-build-stats | 2023-11-15 | 3.5 LOW | 4.8 MEDIUM |
| Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | |||||
| CVE-2022-23110 | 1 Jenkins | 1 Publish Over Ssh | 2023-11-15 | 3.5 LOW | 4.8 MEDIUM |
| Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | |||||
| CVE-2023-36806 | 1 Contao | 1 Contao | 2023-11-15 | N/A | 5.4 MEDIUM |
| Contao is an open source content management system. Starting in version 4.0.0 and prior to versions 4.9.42, 4.13.28, and 5.1.10, it is possible for untrusted backend users to inject malicious code into headline fields in the back end, which will be executed both in the element preview (back end) and on the website (front end). Installations are only affected if there are untrusted back end users who have the rights to modify headline fields, or other fields using the input unit widget. Contao 4.9.42, 4.13.28, and 5.1.10 have a patch for this issue. As a workaround, disable the login for all untrusted back end users. | |||||
| CVE-2020-5308 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2023-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php. | |||||
| CVE-2021-27544 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2023-11-14 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter. | |||||
| CVE-2022-43369 | 1 Phpgurukul | 1 Auto/taxi Stand Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| AutoTaxi Stand Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component search.php. | |||||
| CVE-2022-29004 | 1 Phpgurukul | 1 E-diary Management System | 2023-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php. | |||||
| CVE-2022-47102 | 1 Phpgurukul | 1 Student Study Center Management System | 2023-11-14 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | |||||
| CVE-2023-37688 | 1 Phpgurukul | 1 Maid Hiring Management System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page. | |||||
| CVE-2023-37745 | 1 Phpgurukul | 1 Maid Hiring Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component. | |||||
| CVE-2023-37689 | 1 Phpgurukul | 1 Maid Hiring Management System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page. | |||||
| CVE-2023-37690 | 1 Phpgurukul | 1 Maid Hiring Management System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page. | |||||
| CVE-2023-37746 | 1 Phpgurukul | 1 Maid Hiring Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component. | |||||
| CVE-2023-37744 | 1 Phpgurukul | 1 Maid Hiring Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-booking-request.php. | |||||
| CVE-2022-40470 | 1 Phpgurukul | 1 Blood Donor Management System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature. | |||||
| CVE-2023-46626 | 1 Flowfact | 1 Flowfact | 2023-11-14 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FLOWFACT WP Connector plugin <= 2.1.7 versions. | |||||
| CVE-2023-37686 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal. | |||||
| CVE-2023-37683 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Profile Page of the Admin. | |||||
| CVE-2023-37685 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Page of the Admin portal. | |||||
| CVE-2023-37684 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Details of the Admin portal. | |||||
| CVE-2023-47223 | 1 Wpmapplugins | 1 Basic Interactive World Map | 2023-11-14 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Map Plugins Basic Interactive World Map plugin <= 2.0 versions. | |||||
| CVE-2020-26052 | 1 Phpgurukul | 1 Online Marriage Registration System | 2023-11-14 | 3.5 LOW | 5.4 MEDIUM |
| Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabilities in multiple parameters. | |||||
| CVE-2020-23466 | 1 Phpgurukul | 1 Online Marriage Registration System | 2023-11-14 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field. | |||||
| CVE-2021-28424 | 1 Phpgurukul | 1 Teachers Record Management System | 2023-11-14 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php. | |||||
| CVE-2021-44317 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | 3.5 LOW | 5.4 MEDIUM |
| In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us` are affected with a Stored Cross-site scripting vulnerability. | |||||
| CVE-2022-35155 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter. | |||||
| CVE-2021-42223 | 1 Phpgurukul | 1 Online Dj Booking Management System | 2023-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php. | |||||
| CVE-2022-45728 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2022-45729 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee ID parameter. | |||||
| CVE-2022-46128 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable to Cross Site Scripting (XSS) via searchdata=. | |||||
| CVE-2022-45730 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function. | |||||
| CVE-2023-38549 | 1 Veeam | 1 One | 2023-11-14 | N/A | 5.4 MEDIUM |
| A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role. | |||||
| CVE-2023-41425 | 1 Wondercms | 1 Wondercms | 2023-11-14 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component. | |||||
| CVE-2023-41614 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description of Animal parameter. | |||||
| CVE-2021-4232 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. It is possible to launch the attack remotely. | |||||
| CVE-2022-1816 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input <script>alert(1)</script> leads to an authenticated cross site scripting. Exploit details have been disclosed to the public. | |||||
| CVE-2022-31897 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=. | |||||
