Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36315 | 1 Phpjabbers | 1 Callback Widget | 2023-08-11 | N/A | 6.1 MEDIUM |
| There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Callback Widget v1.0. | |||||
| CVE-2010-0440 | 1 Cisco | 3 Adaptive Security Appliance Software, Asa 5500, Secure Desktop | 2023-08-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html. | |||||
| CVE-2014-2120 | 1 Cisco | 1 Adaptive Security Appliance Software | 2023-08-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025. | |||||
| CVE-2017-6764 | 1 Cisco | 1 Adaptive Security Appliance Software | 2023-08-11 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.5(1) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd82064. | |||||
| CVE-2013-3414 | 1 Cisco | 2 Adaptive Security Appliance, Adaptive Security Appliance Software | 2023-08-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080. | |||||
| CVE-2014-8012 | 1 Cisco | 1 Adaptive Security Appliance Software | 2023-08-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695. | |||||
| CVE-2023-36310 | 1 Phpjabbers | 1 Document Creator | 2023-08-11 | N/A | 6.1 MEDIUM |
| There is a Cross Site Scripting (XSS) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. | |||||
| CVE-2023-36309 | 1 Phpjabbers | 1 Document Creator | 2023-08-11 | N/A | 6.1 MEDIUM |
| There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Document Creator v1.0. | |||||
| CVE-2022-44629 | 1 Catalystconnect | 1 Catalyst Connect Zoho Crm Client Portal | 2023-08-11 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catalyst Connect Catalyst Connect Zoho CRM Client Portal plugin <= 2.0.0 versions. | |||||
| CVE-2023-38347 | 1 Lw-systems | 1 Benno Mailarchiv | 2023-08-11 | N/A | 6.1 MEDIUM |
| An issue was discovered in LWsystems Benno MailArchiv 2.10.1. Attackers can cause XSS via JavaScript content to a mailbox. | |||||
| CVE-2023-38758 | 1 Wger | 1 Workout Manager | 2023-08-11 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components. | |||||
| CVE-2021-41184 | 6 Drupal, Fedoraproject, Jqueryui and 3 more | 35 Drupal, Fedora, Jquery Ui and 32 more | 2023-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. | |||||
| CVE-2023-39518 | 1 Fobybus | 1 Social-media-skeleton | 2023-08-10 | N/A | 5.4 MEDIUM |
| social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3. | |||||
| CVE-2023-32600 | 1 Rankmath | 1 Seo | 2023-08-10 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions. | |||||
| CVE-2023-4196 | 1 Agentejo | 1 Cockpit | 2023-08-10 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | |||||
| CVE-2023-23877 | 1 Bkmacdaddy | 1 Pinterest Rss Widget | 2023-08-10 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in bkmacdaddy designs Pinterest RSS Widget plugin <= 2.3.1 versions. | |||||
| CVE-2023-27412 | 1 Everestthemes | 1 Mocho Blog | 2023-08-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Mocho Blog theme <= 1.0.4 versions. | |||||
| CVE-2023-36692 | 1 Wp-cirrus Project | 1 Wp-cirrus | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Kramer & Hendrik Thole WP-Cirrus plugin <= 0.6.11 versions. | |||||
| CVE-2023-23829 | 1 Pierre-jehan | 1 Owl Carousel | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pierre JEHAN Owl Carousel plugin <= 0.5.3 versions. | |||||
| CVE-2023-27421 | 1 Everestthemes | 1 Everest News | 2023-08-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Everest News theme <= 1.1.0 versions. | |||||
| CVE-2023-27416 | 1 Decondigital | 1 Decon Wp Sms | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Decon Digital Decon WP SMS plugin <= 1.1 versions. | |||||
| CVE-2023-23880 | 1 Monsterinsights | 1 Exactmetrics | 2023-08-10 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExactMetrics plugin <= 7.14.1 versions. | |||||
| CVE-2023-29099 | 1 Elegant Themes | 1 Divi | 2023-08-10 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Elegant themes Divi theme <= 4.20.2 versions. | |||||
| CVE-2023-32503 | 1 Gtmetrix | 1 Gtmetrix | 2023-08-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.6 versions. | |||||
| CVE-2023-27422 | 1 Nsthemes | 1 Ns Coupon To Become Customer | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes NS Coupon To Become Customer plugin <= 1.2.2 versions. | |||||
| CVE-2022-45821 | 1 Nootheme | 1 Noo Timetable | 2023-08-10 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NooTheme Noo Timetable plugin <= 2.1.3 versions. | |||||
| CVE-2023-24409 | 1 I13websolution | 1 Wp Responsive Tabs Horizontal Vertical And Accordion Tabs | 2023-08-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs plugin <= 1.1.15 versions. | |||||
| CVE-2023-25459 | 1 Postsnippets | 1 Post Snippets | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Postsnippets Post Snippets plugin <= 4.0.2 versions. | |||||
| CVE-2023-27627 | 1 Eggemplo | 1 Woocommerce Email Report | 2023-08-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in eggemplo Woocommerce Email Report plugin <= 2.4 versions. | |||||
| CVE-2023-25063 | 1 Anadnet | 1 Quick Page/post Redirect Plugin | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anadnet Quick Page/Post Redirect Plugin plugin <= 5.2.3 versions. | |||||
| CVE-2023-24413 | 1 I13websolution | 1 Wordpress Vertical Image Slider | 2023-08-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress vertical image slider plugin <= 1.2.16 versions. | |||||
| CVE-2023-27415 | 1 Themeqx | 1 Letterpress | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themeqx LetterPress plugin <= 1.1.2 versions. | |||||
| CVE-2023-28931 | 1 Never5 | 1 Post Connector | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Never5 Post Connector plugin <= 1.0.9 versions. | |||||
| CVE-2023-25984 | 1 Rigorous-digital | 1 Dovetail | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigorous & Factory Pattern Dovetail plugin <= 1.2.13 versions. | |||||
| CVE-2023-30482 | 1 Villatheme | 1 Wpbulky | 2023-08-10 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in VillaTheme WPBulky plugin <= 1.0.10 versions. | |||||
| CVE-2023-31221 | 1 Ransomchristofferson | 1 Pdq Csv | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ransom Christofferson PDQ CSV plugin <= 1.0.0 versions. | |||||
| CVE-2023-32292 | 1 Getbutton | 1 Chat Button | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GetButton Chat Button by GetButton.Io plugin <= 1.8.9.4 versions. | |||||
| CVE-2023-28934 | 1 Paymentsplugin | 1 Wp Full Stripe Free | 2023-08-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology WP Full Stripe Free plugin <= 1.6.1 versions. | |||||
| CVE-2023-38384 | 1 Syntacticsinc | 1 Easync | 2023-08-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntactics, Inc. EaSYNC plugin <= 1.3.7 versions. | |||||
| CVE-2023-36159 | 1 Lost And Found Information System Project | 1 Lost And Found Information System | 2023-08-09 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page. | |||||
| CVE-2023-39527 | 1 Prestashop | 1 Prestashop | 2023-08-09 | N/A | 6.1 MEDIUM |
| PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the `isCleanHTML` method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds. | |||||
| CVE-2023-4170 | 1 Dedebiz | 1 Dedebiz | 2023-08-09 | N/A | 4.8 MEDIUM |
| A vulnerability was found in DedeBIZ 6.2.10. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Article Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-4167 | 1 Emby | 1 Emby.releases | 2023-08-09 | N/A | 6.1 MEDIUM |
| A vulnerability was found in Media Browser Emby Server 4.7.13.0 and classified as problematic. This issue affects some unknown processing of the file /web/. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-236183. | |||||
| CVE-2023-39437 | 1 Sap | 1 Business One | 2023-08-09 | N/A | 5.4 MEDIUM |
| SAP Business One version 10.0 allows an attacker to insert malicious code into the content of a web page or application and get it delivered to the client, resulting in cross-site scripting. This could lead to harmful action affecting the confidentiality, integrity and availability of the application. | |||||
| CVE-2023-36686 | 1 Cartflows | 1 Cartflows | 2023-08-09 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlows Pro plugin <= 1.11.11 versions. | |||||
| CVE-2023-38392 | 1 Wpgogo | 1 Custom Field Template | 2023-08-09 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.9 versions. | |||||
| CVE-2023-4187 | 1 Instantcms | 1 Instantcms | 2023-08-09 | N/A | 4.8 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | |||||
| CVE-2023-38766 | 1 Churchcrm | 1 Churchcrm | 2023-08-09 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component. | |||||
| CVE-2023-0604 | 1 Wpfoodmanager | 1 Wp Food Manager | 2023-08-09 | N/A | 5.4 MEDIUM |
| The WP Food Manager WordPress plugin before 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2023-3524 | 1 Wpcode | 1 Wpcode | 2023-08-09 | N/A | 6.1 MEDIUM |
| The WPCode WordPress plugin before 2.0.13.1 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. | |||||
