Total: 20468 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24393 | 1 Wpmart | 1 Animated Number Counters | 2023-08-16 | N/A | 5.4 MEDIUM |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Animated Number Counters plugin <= 1.6 versions. | |||||
| CVE-2020-24075 | 1 Laborator | 1 Kalium | 2023-08-16 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code. | |||||
| CVE-2020-25915 | 1 Thinkcmf | 1 Thinkcmf | 2023-08-16 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login. | |||||
| CVE-2020-27449 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2023-08-16 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload. | |||||
| CVE-2020-20523 | 1 Gilacms | 1 Gila Cms | 2023-08-16 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation. | |||||
| CVE-2020-24872 | 1 Lepton-cms | 1 Leptoncms | 2023-08-16 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code. | |||||
| CVE-2023-34374 | 1 Anspress | 1 Anspress | 2023-08-16 | N/A | 4.8 MEDIUM |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Rahul Aryan AnsPress plugin <= 4.3.0 versions. | |||||
| CVE-2023-36530 | 1 Smartypantsplugins | 1 Sp Project & Document Manager | 2023-08-16 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions. | |||||
| CVE-2023-3653 | 1 Digital-ant | 1 Digital Ant | 2023-08-16 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Stored XSS. This issue affects E-Commerce Software: before 11. | |||||
| CVE-2023-28779 | 1 Simplecoding | 1 Terms Descriptions | 2023-08-15 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir Statsenko Terms descriptions plugin <= 3.4.4 versions. | |||||
| CVE-2023-24391 | 1 Spiderteams | 1 Applyonline - Application Form Builder And Manager | 2023-08-15 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline plugin <= 2.5 versions. | |||||
| CVE-2023-4283 | 1 Wpdeveloper | 1 Embedpress | 2023-08-15 | N/A | 5.4 MEDIUM |
| The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-38333 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-08-15 | N/A | 6.1 MEDIUM |
| Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. | |||||
| CVE-2023-37625 | 1 Netbox Project | 1 Netbox | 2023-08-15 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates. | |||||
| CVE-2023-30481 | 1 Profosbox | 1 Agp Font Awesome Collection | 2023-08-15 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <= 3.2.4 versions. | |||||
| CVE-2023-23826 | 1 Webmechanix | 1 Add Posts To Pages | 2023-08-15 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arsham Mirshah Add Posts to Pages plugin <= 1.4.1 versions. | |||||
| CVE-2023-23798 | 1 Web-settler | 1 Layer Slider | 2023-08-15 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions. | |||||
| CVE-2023-24389 | 1 Brandid | 1 Social Proof (testimonial) Slider | 2023-08-15 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in brandiD Social Proof (Testimonial) Slider plugin <= 2.2.3 versions. | |||||
| CVE-2021-23445 | 1 Datatables | 1 Datatables.net | 2023-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped. | |||||
| CVE-2018-0251 | 1 Cisco | 1 Adaptive Security Appliance Software | 2023-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the Web Server Authentication Required screen of the Clientless Secure Sockets Layer (SSL) VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of that portal on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the portal or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco ASA Software: 3000 Series Industrial Security Appliances, Adaptive Security Virtual Appliance (ASAv), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches, ASA Services Module for Cisco 7600 Series Routers. Cisco Bug IDs: CSCvh20742. | |||||
| CVE-2019-1701 | 1 Cisco | 14 Adaptive Security Appliance Software, Asa 5505, Asa 5510 and 11 more | 2023-08-15 | 3.5 LOW | 4.8 MEDIUM |
| Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the WebVPN portal of an affected device. The vulnerabilities exist because the software insufficiently validates user-supplied input on an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. An attacker would need administrator privileges on the device to exploit these vulnerabilities. | |||||
| CVE-2018-0242 | 1 Cisco | 11 Adaptive Security Appliance Software, Asa 5506-x, Asa 5506h-x and 8 more | 2023-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the WebVPN web-based management interface of Cisco Adaptive Security Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg33985. | |||||
| CVE-2017-6765 | 1 Cisco | 1 Adaptive Security Appliance Software | 2023-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.1(6.11) and 9.4(1.2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka WebVPN XSS. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve19179. | |||||
| CVE-2023-39000 | 1 Opnsense | 1 Opnsense | 2023-08-15 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense before 23.7 allows attackers to inject arbitrary JavaScript via the URL path. | |||||
| CVE-2023-39002 | 1 Opnsense | 1 Opnsense | 2023-08-15 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2023-37488 | 1 Sap | 1 Netweaver Process Integration | 2023-08-15 | N/A | 6.1 MEDIUM |
| In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting (XSS) attack. On successful exploitation the attacker can cause limited impact on confidentiality and integrity of the system. | |||||
| CVE-2023-38397 | 1 Eggemplo | 1 Gestion-pymes | 2023-08-15 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eggemplo Gestion-Pymes plugin <= 1.5.6 versions. | |||||
| CVE-2023-37388 | 1 Supito | 1 Mahato Simple Light Weight Social Share | 2023-08-15 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sudipto Pratap Mahato Simple Light Weight Social Share plugin <= 2.0 versions. | |||||
| CVE-2023-23900 | 1 Yikesinc | 1 Easy Forms For Mailchimp | 2023-08-15 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <= 6.8.8 versions. | |||||
| CVE-2023-24009 | 1 Wpazure | 1 Upfrontwp | 2023-08-15 | N/A | 5.4 MEDIUM |
| Auth. (subscriber+) Reflected Cross-site Scripting (XSS) vulnerability in Wpazure Themes Upfrontwp theme <= 1.1 versions. | |||||
| CVE-2023-23871 | 1 Webdzier | 1 Button | 2023-08-15 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin <= 1.1.23 versions. | |||||
| CVE-2023-37988 | 1 Creative-solutions | 1 Contact Form Generator | 2023-08-15 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Creative Solutions Contact Form Generator plugin <= 2.5.5 versions. | |||||
| CVE-2023-3652 | 1 Digital-ant | 1 Digital Ant | 2023-08-15 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS. This issue affects E-Commerce Software: before 11. | |||||
| CVE-2023-37983 | 1 Keegnotrub | 1 Art Direction | 2023-08-15 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Noël Jackson Art Direction plugin <= 0.2.4 versions. | |||||
| CVE-2023-39314 | 1 Te-st | 1 Leyka | 2023-08-15 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.2 versions. | |||||
| CVE-2023-36306 | 1 Adiscon | 1 Loganalyzer | 2023-08-14 | N/A | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components. | |||||
| CVE-2023-4203 | 1 Advantech | 6 Eki-1521, Eki-1521 Firmware, Eki-1522 and 3 more | 2023-08-14 | N/A | 5.4 MEDIUM |
| Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface. | |||||
| CVE-2023-28530 | 1 Ibm | 1 Cognos Analytics | 2023-08-14 | N/A | 5.4 MEDIUM |
| IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 251214. | |||||
| CVE-2023-3526 | 1 Phoenixcontact | 14 Cloud Client 1101t-tx, Cloud Client 1101t-tx Firmware, Tc Cloud Client 1002-4g and 11 more | 2023-08-14 | N/A | 9.6 CRITICAL |
| In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser. | |||||
| CVE-2023-4202 | 1 Advantech | 6 Eki-1521, Eki-1521 Firmware, Eki-1522 and 3 more | 2023-08-14 | N/A | 5.4 MEDIUM |
| Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface. | |||||
| CVE-2023-25929 | 1 Ibm | 1 Cognos Analytics | 2023-08-14 | N/A | 5.4 MEDIUM |
| IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861. | |||||
| CVE-2022-31454 | 1 Yiiframework | 1 Yii | 2023-08-14 | N/A | 6.1 MEDIUM |
| ** DISPUTED ** Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books. NOTE: this is disputed by the vendor because the cve-2022-31454-8e8555c31fd3 page does not describe why /books has a relationship to Yii 2. | |||||
| CVE-2023-37728 | 1 Icewarp | 1 Icewarp | 2023-08-14 | N/A | 6.1 MEDIUM |
| IceWarp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter. | |||||
| CVE-2023-1119 | 2 Srbtranslatin Project, Updraftplus | 2 Srbtranslatin, Wp-optimize | 2023-08-14 | N/A | 6.1 MEDIUM |
| The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability. | |||||
| CVE-2023-39006 | 1 Opnsense | 1 Opnsense | 2023-08-14 | N/A | 5.4 MEDIUM |
| The Crash Reporter (crash_reporter.php) component of OPNsense before 23.7 mishandles input sanitization. | |||||
| CVE-2022-4115 | 1 Editorial Calendar Project | 1 Editorial Calendar | 2023-08-14 | N/A | 5.4 MEDIUM |
| The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users. | |||||
| CVE-2023-36314 | 1 Phpjabbers | 1 Callback Widget | 2023-08-11 | N/A | 6.1 MEDIUM |
| There is a Cross Site Scripting (XSS) vulnerability in the value-text-o_sms_email_request_message parameters of index.php in PHPJabbers Callback Widget v1.0. | |||||
| CVE-2023-36312 | 1 Phpjabbers | 1 Callback Widget | 2023-08-11 | N/A | 5.4 MEDIUM |
| There is a Cross Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone parameter of index.php in PHPJabbers Callback Widget v1.0. | |||||
| CVE-2023-36313 | 1 Phpjabbers | 1 Document Creator | 2023-08-11 | N/A | 6.1 MEDIUM |
| PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters of "Export Requests" aside from "request_feed". | |||||
| CVE-2023-39007 | 1 Opnsense | 1 Opnsense | 2023-08-11 | N/A | 9.6 CRITICAL |
| /ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS. | |||||
