Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31079 | 1 Thechrisroberts | 1 Tippy | 2023-08-22 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Roberts Tippy plugin <= 6.2.1 versions. | |||||
| CVE-2023-28783 | 1 Phpradar | 1 Woocommerce Tip/donation | 2023-08-22 | N/A | 5.4 MEDIUM |
| Auth. (shop manager+) Stored Cross-Site Scripting (XSS) vulnerability in PHPRADAR Woocommerce Tip/Donation plugin <= 1.2 versions. | |||||
| CVE-2023-30877 | 1 Icopydoc | 1 Xml For Google Merchant Center | 2023-08-22 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Glazunov XML for Google Merchant Center plugin <= 3.0.1 versions. | |||||
| CVE-2023-26530 | 1 Updraftplus | 1 Updraft | 2023-08-22 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paul Kehrer Updraft plugin <= 0.6.1 versions. | |||||
| CVE-2023-31076 | 1 Really-simple-plugins | 1 Recipe Maker For Your Food Blog From Zip Recipes | 2023-08-22 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.6 versions. | |||||
| CVE-2023-31074 | 1 Hupe13 | 1 Extensions For Leaflet Map | 2023-08-22 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in hupe13 Extensions for Leaflet Map plugin <= 3.4.1 versions. | |||||
| CVE-2023-31071 | 1 Ylefebvre | 1 Modal Dialog | 2023-08-22 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <= 3.5.14 versions. | |||||
| CVE-2023-31091 | 1 Pradeepsinghweb | 1 Dynamically Register Sidebars | 2023-08-22 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pradeep Singh Dynamically Register Sidebars plugin <= 1.0.1 versions. | |||||
| CVE-2023-30876 | 1 Davidmichaelross | 1 Dave's Wordpress Live Search | 2023-08-22 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dave Ross Dave's WordPress Live Search plugin <= 4.8.1 versions. | |||||
| CVE-2023-30874 | 1 Stpetedesign | 1 Gps Plotter | 2023-08-22 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Steve Curtis, St. Pete Design Gps Plotter plugin <= 5.1.4 versions. | |||||
| CVE-2023-28622 | 1 Tridenttechnolabs | 1 Easy Slider Revolution | 2023-08-22 | N/A | 5.4 MEDIUM |
| Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Trident Technolabs Easy Slider Revolution plugin <= 1.0.0 versions. | |||||
| CVE-2023-28533 | 1 Nimbus | 1 Cab Grid | 2023-08-22 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in M Williams Cab Grid plugin <= 1.5.15 versions. | |||||
| CVE-2023-4395 | 1 Agentejo | 1 Cockpit | 2023-08-22 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4. | |||||
| CVE-2023-40024 | 1 Nexb | 1 Scancode.io | 2023-08-21 | N/A | 6.1 MEDIUM |
| ScanCode.io is a server to script and automate software composition analysis pipelines. In the `/license/` endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting (XSS) vulnerability when attempting to access a detailed license view that does not exist. Attackers can exploit this vulnerability to inject malicious scripts into the response generated by the `license_details_view` function. When unsuspecting users visit the page, their browsers will execute the injected scripts, leading to unauthorized actions, session hijacking, or stealing sensitive information. This issue has been addressed in release `32.5.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-4308 | 1 Plugin-planet | 1 User Submitted Posts | 2023-08-21 | N/A | 5.4 MEDIUM |
| The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-3721 | 1 Lesterchan | 1 Wp-email | 2023-08-21 | N/A | 4.8 MEDIUM |
| The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-26961 | 1 Alteryx | 1 Alteryx Server | 2023-08-21 | N/A | 4.8 MEDIUM |
| Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files (e.g., JavaScript content for stored XSS) via the type field in a JSON document within a PUT /gallery/api/media request. | |||||
| CVE-2023-28773 | 1 Kolja-nolte | 1 Secondary Title | 2023-08-21 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kolja Nolte Secondary Title plugin <= 2.0.9.1 versions. | |||||
| CVE-2023-3328 | 1 Custom Field For Wp Job Manager Project | 1 Custom Field For Wp Job Manager | 2023-08-21 | N/A | 4.8 MEDIUM |
| The Custom Field For WP Job Manager WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-2803 | 1 Themefic | 1 Ultimate Addons For Contact Form 7 | 2023-08-21 | N/A | 6.1 MEDIUM |
| The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2023-3645 | 1 Bitapps | 1 Contact Form Builder | 2023-08-21 | N/A | 4.8 MEDIUM |
| The Contact Form Builder by Bit Form WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-2802 | 1 Themefic | 1 Ultimate Addons For Contact Form 7 | 2023-08-21 | N/A | 4.8 MEDIUM |
| The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-2606 | 1 Brutalplugins | 1 Wp Brutal Ai | 2023-08-21 | N/A | 4.8 MEDIUM |
| The WP Brutal AI WordPress plugin before 2.06 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2023-30477 | 1 Essitco | 1 Affiliate Solution | 2023-08-18 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Essitco AFFILIATE Solution plugin <= 1.0 versions. | |||||
| CVE-2023-37070 | 1 Code-projects | 1 Hospital Information System | 2023-08-18 | N/A | 4.8 MEDIUM |
| Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS) | |||||
| CVE-2023-29097 | 1 A3rev | 1 A3 Portfolio | 2023-08-18 | N/A | 4.8 MEDIUM |
| Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in a3rev Software a3 Portfolio plugin <= 3.1.0 versions. | |||||
| CVE-2023-30483 | 1 Kibokolabs | 1 Watu Quiz | 2023-08-18 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.9.2 versions. | |||||
| CVE-2023-30475 | 1 Couponaffiliates | 1 Woocommerce Affiliate | 2023-08-18 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates plugin <= 5.4.5 versions. | |||||
| CVE-2023-40342 | 1 Jenkins | 1 Flaky Test Handler | 2023-08-18 | N/A | 5.4 MEDIUM |
| Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents. | |||||
| CVE-2023-40346 | 1 Jenkins | 1 Shortcut Job | 2023-08-18 | N/A | 5.4 MEDIUM |
| Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs. | |||||
| CVE-2023-40350 | 1 Jenkins | 1 Docker Swarm | 2023-08-18 | N/A | 5.4 MEDIUM |
| Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker. | |||||
| CVE-2023-31942 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2023-08-18 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php. | |||||
| CVE-2023-30489 | 1 I13websolution | 1 Email Subscription Popup | 2023-08-18 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Email Subscription Popup plugin <= 1.2.16 versions. | |||||
| CVE-2023-30752 | 1 Gingertech | 1 External Videos | 2023-08-18 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Silvia Pfeiffer and Andrew Nimmo External Videos plugin <= 2.0.1 versions. | |||||
| CVE-2023-30751 | 1 Icontrolwp | 1 Article Directory Redux | 2023-08-18 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in iControlWP Article Directory Redux plugin <= 1.0.2 versions. | |||||
| CVE-2023-30749 | 1 Ihomefinder | 1 Optima Express + Marketboost Idx | 2023-08-18 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ihomefinder Optima Express + MarketBoost IDX Plugin plugin <= 7.3.0 versions. | |||||
| CVE-2020-19952 | 1 Jbt | 1 Live (github-flavored) Markdown Editor | 2023-08-18 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbitrary code via crafted payload or opening malicious .md file. | |||||
| CVE-2023-3937 | 2 Microsoft, Snowsoftware | 2 Windows, Snow License Manager | 2023-08-18 | N/A | 4.8 MEDIUM |
| Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser | |||||
| CVE-2023-27515 | 1 Intel | 1 Driver & Support Assistant | 2023-08-18 | N/A | 9.6 CRITICAL |
| Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2023-28535 | 1 Commoninja | 1 Paytm Payment Donation | 2023-08-18 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paytm Paytm Payment Donation plugin <= 2.2.0 versions. | |||||
| CVE-2021-27524 | 1 Margox | 1 Braft-editor | 2023-08-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature. | |||||
| CVE-2023-25599 | 1 Mitel | 1 Mivoice Connect | 2023-08-17 | N/A | 7.4 HIGH |
| A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the test_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
| CVE-2020-28717 | 1 Kindsoft | 1 Kindeditor | 2023-08-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code. | |||||
| CVE-2020-28849 | 1 Churchcrm | 1 Churchcrm | 2023-08-17 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attackers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module. | |||||
| CVE-2023-22843 | 1 Nozominetworks | 2 Cmc, Guardian | 2023-08-16 | N/A | 4.8 MEDIUM |
| An authenticated attacker with administrative access to the appliance can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will later be executed by another legitimate user viewing the details of such a rule. An attacker may be able to perform unauthorized actions on behalf of legitimate users. JavaScript injection was possible in the content for Yara rules, while limited HTML injection has been proven for packet and STYX rules. The injected code will be executed in the context of the authenticated victim's session. | |||||
| CVE-2022-29887 | 1 Intel | 1 Manageability Commander | 2023-08-16 | N/A | 9.6 CRITICAL |
| Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2023-39955 | 1 Nextcloud | 1 Notes | 2023-08-16 | N/A | 6.1 MEDIUM |
| Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a patch for the issue. No known workarounds are available. | |||||
| CVE-2023-23828 | 1 Swas | 1 Wp Category Post List | 2023-08-16 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Swashata WP Category Post List Widget plugin <= 2.0.3 versions. | |||||
| CVE-2020-3599 | 1 Cisco | 2 Adaptive Security Appliance, Adaptive Security Appliance Software | 2023-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2019-12695 | 1 Cisco | 13 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5505 and 10 more | 2023-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. | |||||
