Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34362 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Sterling Secure Proxy and 2 more | 2023-08-08 | N/A | 4.6 MEDIUM |
| IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of the HOST header. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523. | |||||
| CVE-2021-40658 | 1 Textpattern | 1 Textpattern | 2023-08-08 | 3.5 LOW | 4.8 MEDIUM |
| Textpattern 4.8.7 is affected by an HTML injection vulnerability through “Content>Write>Body”. | |||||
| CVE-2022-34009 | 2 Fossil-scm, Microsoft | 2 Fossil, Windows | 2023-08-08 | N/A | 5.5 MEDIUM |
| Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product does not properly handle the absence of this file after Windows Defender has flagged it as malware. | |||||
| CVE-2021-20543 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2023-08-08 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 198929. | |||||
| CVE-2022-34966 | 1 Openteknik | 1 Open Source Social Network | 2023-08-08 | N/A | 7.5 HIGH |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home. | |||||
| CVE-2023-25836 | 1 Esri | 1 Portal For Arcgis | 2023-08-07 | N/A | 5.4 MEDIUM |
| There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim's browser. The privileges required to execute this attack are low. | |||||
| CVE-2023-32624 | 1 Sakura | 1 Ts Webfonts | 2023-08-07 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in TS Webfonts for SAKURA 3.1.0 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | |||||
| CVE-2023-4111 | 1 Phpjabbers | 1 Bus Reservation System | 2023-08-07 | N/A | 6.1 MEDIUM |
| A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickup_id leads to cross site scripting. The attack may be launched remotely. VDB-235958 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-4110 | 1 Phpjabbers | 1 Availability Booking Calendar | 2023-08-07 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235957 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-38138 | 1 F5 | 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more | 2023-08-07 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-37501 | 1 Hcltech | 1 Unica | 2023-08-07 | N/A | 6.1 MEDIUM |
| A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. An attacker could hijack a user's session and perform other attacks. | |||||
| CVE-2023-37500 | 1 Hcltech | 1 Unica | 2023-08-07 | N/A | 6.1 MEDIUM |
| A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a user's session and perform other attacks. | |||||
| CVE-2023-37499 | 1 Hcltech | 1 Unica | 2023-08-07 | N/A | 6.1 MEDIUM |
| A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks. | |||||
| CVE-2023-38423 | 1 F5 | 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more | 2023-08-07 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-3978 | 1 Golang | 1 Networking | 2023-08-07 | N/A | 6.1 MEDIUM |
| Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. | |||||
| CVE-2023-36081 | 1 Gatesair | 2 Flexiva Fax 150w, Flexiva Fax 150w Firmware | 2023-08-07 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/Exciter v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard. | |||||
| CVE-2020-11731 | 1 Davidlingren | 1 Media Library Assistant | 2023-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Media Library Assistant plugin before 2.82 for WordPress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript. | |||||
| CVE-2018-20982 | 1 Davidlingren | 1 Media Library Assistant | 2023-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens. | |||||
| CVE-2023-26316 | 1 Mi | 1 Xiaomi Cloud | 2023-08-07 | N/A | 6.1 MEDIUM |
| An XSS vulnerability exists in the Xiaomi cloud service application. The vulnerability is caused by the WebView's whitelist checking function allowing the javascript: protocol to be loaded, and can be exploited by attackers to steal Xiaomi cloud service account cookies. | |||||
| CVE-2021-45094 | 1 Okta | 1 Imprivata Privileged Access Management | 2023-08-07 | N/A | 5.4 MEDIUM |
| Imprivata Privileged Access Management (formerly Xton Privileged Access Management) 2.3.202112051108 allows XSS. | |||||
| CVE-2023-31928 | 1 Broadcom | 1 Brocade Fabric Operating System | 2023-08-07 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application. | |||||
| CVE-2018-18307 | 1 Alchemy-cms | 1 Alchemy Cms | 2023-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field. NOTE: the vendor's position is that this is not a valid report: "The researcher used an authorized cookie to perform the request to a password-protected route. Without that session cookie, the request would have been rejected as unauthorized." | |||||
| CVE-2023-39096 | 1 Webboss | 1 Webboss.io Cms | 2023-08-07 | N/A | 5.4 MEDIUM |
| WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) vulnerability due to lack of input validation and output encoding. | |||||
| CVE-2023-39097 | 1 Webboss | 1 Webboss.io Cms | 2023-08-07 | N/A | 5.4 MEDIUM |
| WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) vulnerability. | |||||
| CVE-2023-36138 | 1 Phpjabbers | 1 Cleaning Business Software | 2023-08-05 | N/A | 6.1 MEDIUM |
| PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php. | |||||
| CVE-2023-36121 | 1 E107 | 1 E107 | 2023-08-05 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project. | |||||
| CVE-2023-4117 | 1 Phpjabbers | 1 Rental Property Booking Calendar | 2023-08-05 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in PHP Jabbers Rental Property Booking 2.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235964. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-4116 | 1 Phpjabbers | 1 Taxi Booking Script | 2023-08-05 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-4114 | 1 Phpjabbers | 1 Night Club Booking Software | 2023-08-05 | N/A | 6.1 MEDIUM |
| A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-4113 | 1 Phpjabbers | 1 Service Booking Script | 2023-08-05 | N/A | 6.1 MEDIUM |
| A vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235960. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-4115 | 1 Phpjabbers | 1 Cleaning Business Software | 2023-08-05 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-4112 | 1 Phpjabbers | 1 Shuttle Booking Software | 2023-08-05 | N/A | 6.1 MEDIUM |
| A vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-235959. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2020-20808 | 1 Qibosoft | 1 Qibosoft | 2023-08-05 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php. | |||||
| CVE-2023-33257 | 1 Verint | 1 Engagement Management | 2023-08-04 | N/A | 5.4 MEDIUM |
| Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat. | |||||
| CVE-2023-4067 | 1 Mage-people | 1 Bus Ticket Booking With Seat Reservation | 2023-08-04 | N/A | 6.1 MEDIUM |
| The Bus Ticket Booking with Seat Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab_date' and 'tab_date_r' parameters in versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2023-3500 | 1 Gitlab | 1 Gitlab | 2023-08-04 | N/A | 6.1 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A reflected XSS was possible when creating specific PlantUML diagrams that allowed the attacker to perform arbitrary actions on behalf of victims. | |||||
| CVE-2023-2164 | 1 Gitlab | 1 Gitlab | 2023-08-04 | N/A | 5.4 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to trigger a stored XSS vulnerability via user interaction with a crafted URL in the WebIDE beta. | |||||
| CVE-2023-38057 | 1 Otrs | 1 Survey | 2023-08-04 | N/A | 5.4 MEDIUM |
| An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13 and ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22. | |||||
| CVE-2023-37979 | 1 Ninjaforms | 1 Ninja Forms | 2023-08-04 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions. | |||||
| CVE-2023-34869 | 1 Phpjabbers | 1 Catering System | 2023-08-04 | N/A | 6.1 MEDIUM |
| PHPJabbers Catering System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php?controller=pjAdmin&action=pjActionForgot. | |||||
| CVE-2023-36118 | 1 Faculty Evaulation System Project | 1 Faculty Evaulation System | 2023-08-04 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in Faculty Evaulation System using PHP/MySQLi v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter. | |||||
| CVE-2023-34360 | 1 Asus | 2 Rt-ax88u, Rt-ax88u Firmware | 2023-08-04 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior. After logging in to the device with regular user privileges, a remote attacker can perform a stored XSS attack by uploading an image containing JavaScript code. | |||||
| CVE-2023-22595 | 1 Ibm | 2 B2b Advanced Communications, Multi-enterprise Integration Gateway | 2023-08-04 | N/A | 5.4 MEDIUM |
| IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244076. | |||||
| CVE-2023-3292 | 1 Wpsofts | 1 Portfolio Gallery\, Product Catalog - Grid Kit Portfolio | 2023-08-04 | N/A | 6.1 MEDIUM |
| The grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters, as well as generated URLs, before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. | |||||
| CVE-2023-23548 | 1 Tribe29 | 1 Checkmk | 2023-08-04 | N/A | 6.1 MEDIUM |
| Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30. | |||||
| CVE-2023-37496 | 1 Hcltech | 1 Verse | 2023-08-04 | N/A | 5.4 MEDIUM |
| HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulnerability. An attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. | |||||
| CVE-2022-43711 | 1 Gxsoftware | 1 Xperiencentral | 2023-08-04 | N/A | 6.1 MEDIUM |
| Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 were vulnerable to cross-site scripting (XSS) because the Content-Security-Policy header permitted eval() in its script-src directive. | |||||
| CVE-2020-36763 | 1 Duxcms Project | 1 Duxcms | 2023-08-04 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post. | |||||
| CVE-2023-38305 | 1 Webmin | 1 Webmin | 2023-08-04 | N/A | 6.1 MEDIUM |
| An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when the download link is accessed. | |||||
| CVE-2023-38306 | 1 Webmin | 1 Webmin | 2023-08-04 | N/A | 6.1 MEDIUM |
| An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code. | |||||
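The Host header issue in CVE-2022-34362 above (header injection leading to XSS, cache poisoning or session hijacking) is the generic consequence of building URLs or response headers from an unvalidated `Host`. The following is an added example, not code from IBM or from this page: the allowlist, the `ALLOWED_HOSTS` values and the request dictionary are constructed for illustration. It shows the vulnerable pattern (the client's Host copied straight into an absolute URL) beside a hardened one that rejects CR/LF, enforces a host[:port] grammar and requires an exact allowlist match.

```python
import re
from typing import Dict, Optional, Set

# Constructed allowlist for this example; a real deployment loads it from config.
ALLOWED_HOSTS: Set[str] = {"proxy.example.com", "proxy.example.com:8443"}

# host[:port] as seen in a Host header: a reg-name or IPv4 literal plus optional port.
# IPv6 literals such as [::1] are deliberately not accepted by this example.
_HOST_RE = re.compile(r"^(?P<host>[A-Za-z0-9.-]+)(?::(?P<port>[0-9]{1,5}))?$")


def validate_host(raw_host: Optional[str], allowed: Set[str] = ALLOWED_HOSTS) -> str:
    """Return the canonical Host value or raise ValueError.

    Three checks, in order: no CR/LF (a bare CRLF would start a new header
    line in the response), syntactically a host[:port], and present in the
    allowlist after lower-casing and dropping a trailing dot.
    """
    if raw_host is None:
        raise ValueError("missing Host header")
    if "\r" in raw_host or "\n" in raw_host:
        raise ValueError("CR/LF in Host header")
    m = _HOST_RE.match(raw_host.strip())
    if m is None:
        raise ValueError("malformed Host header")
    canonical = m.group("host").lower().rstrip(".")
    if m.group("port"):
        canonical += ":" + m.group("port")
    if canonical not in allowed:
        raise ValueError("Host %r is not allowlisted" % canonical)
    return canonical


def host_is_allowed(raw_host: Optional[str], allowed: Set[str] = ALLOWED_HOSTS) -> bool:
    """Boolean wrapper around validate_host for callers that only need a verdict."""
    try:
        validate_host(raw_host, allowed)
        return True
    except ValueError:
        return False


def absolute_url_unsafe(headers: Dict[str, str], path: str) -> str:
    """Vulnerable pattern: whatever Host the client sent ends up in a URL that is
    later written into a Location header, a password-reset e-mail or a cached page."""
    return "https://" + headers.get("Host", "") + path


def absolute_url_safe(headers: Dict[str, str], path: str) -> str:
    """Hardened pattern: only an allowlisted, canonicalised Host is used."""
    return "https://" + validate_host(headers.get("Host")) + path


if __name__ == "__main__":
    # Constructed request: attacker-controlled Host carrying a header-injection payload.
    evil = {"Host": "attacker.example\r\nSet-Cookie: session=hijacked"}
    print(repr(absolute_url_unsafe(evil, "/reset")))   # payload survives into the URL
    print(host_is_allowed(evil["Host"]))                # False
    print(absolute_url_safe({"Host": "PROXY.example.com."}, "/reset"))
```

The allowlist match is exact rather than a suffix test so that `proxy.example.com.attacker.example` is rejected; a reverse proxy in front of the application should enforce the same list, since a cache that keys on `Host` will otherwise store the poisoned response.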
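CVE-2023-3978 above (golang.org/x/net/html) describes a serialiser that emitted text nodes outside the HTML namespace verbatim. The danger is the round trip: a sanitiser parses untrusted HTML into a tree, drops dangerous elements, and re-renders; if text under an `svg:style` is written out unescaped, decoded entities turn back into live markup. The following is an added, schematic example in Python, not the x/net code or its fix: the `Element` class, the renderers and the sample tree are constructed here. The empty-string convention for the HTML namespace mirrors x/net/html; everything else is an assumption made for illustration.

```python
from dataclasses import dataclass, field
from html import escape
from typing import List, Union

HTML_NS = ""   # HTML namespace; "svg" and "math" mark foreign content

# Elements whose text content HTML serialises verbatim, but only when the
# element itself is an HTML element, not an svg:style or math:script.
RAW_TEXT_ELEMENTS = {"script", "style", "xmp", "iframe", "noembed", "noframes", "plaintext"}


@dataclass
class Element:
    tag: str
    namespace: str = HTML_NS
    children: List[Union["Element", str]] = field(default_factory=list)


def _render(node: Element, out: List[str], namespace_aware: bool) -> None:
    out.append("<%s>" % node.tag)
    # The buggy variant decides "raw" from the tag name alone; the fixed one
    # additionally requires the element to be in the HTML namespace.
    raw = node.tag in RAW_TEXT_ELEMENTS and (node.namespace == HTML_NS or not namespace_aware)
    for child in node.children:
        if isinstance(child, str):
            out.append(child if raw else escape(child, quote=False))
        else:
            _render(child, out, namespace_aware)
    out.append("</%s>" % node.tag)


def render_buggy(node: Element) -> str:
    """Tag-name-only check: a text node under svg:style is emitted verbatim."""
    buf: List[str] = []
    _render(node, buf, namespace_aware=False)
    return "".join(buf)


def render_fixed(node: Element) -> str:
    """Verbatim output only for raw-text elements in the HTML namespace."""
    buf: List[str] = []
    _render(node, buf, namespace_aware=True)
    return "".join(buf)


def round_trip_sample() -> Element:
    """Constructed tree, equivalent to what a parser builds from
    <svg><style>&lt;/style&gt;&lt;img src=x onerror=alert(1)&gt;</style></svg>:
    the entities decode into a single text node that merely looks like markup."""
    text = "</style><img src=x onerror=alert(1)>"
    return Element("div", children=[
        Element("svg", namespace="svg", children=[
            Element("style", namespace="svg", children=[text])])])


if __name__ == "__main__":
    print(render_buggy(round_trip_sample()))  # </style> and <img onerror> re-emerge as markup
    print(render_fixed(round_trip_sample()))  # the text stays text
```

When the buggy output is parsed again, the literal `</style>` closes the SVG style element and `<img>` breaks out of foreign content as an HTML element, so the `onerror` handler runs; the escaped form parses back to the same harmless text node.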
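CVE-2023-26316 above attributes the Xiaomi WebView XSS to an allowlist check that still let `javascript:` URLs load. The following added example (not Xiaomi's code; the allowlists, the flawed checker and the sample URLs are all constructed for illustration) contrasts a hypothetical host-substring check that ignores the scheme with a check that parses the URL, allows only `https`, and compares the exact parsed host.

```python
from typing import Dict, List, Set, Tuple
from urllib.parse import urlsplit

# Constructed allowlists for this example.
ALLOWED_HOSTS: Set[str] = {"account.example.com", "www.example.com"}
ALLOWED_SCHEMES: Set[str] = {"https"}


def webview_url_allowed_weak(url: str) -> bool:
    """Hypothetical flawed check in the spirit of the bug: it looks for an
    allowlisted host anywhere in the string and never inspects the scheme,
    so a javascript: URL that merely mentions the host passes."""
    return any(host in url for host in ALLOWED_HOSTS)


def webview_url_allowed(url: str) -> bool:
    """Scheme first, then an exact match on the parsed authority's host."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    return host in ALLOWED_HOSTS


# Constructed URLs: the first two are what a phishing link or deep link would carry,
# the next two are host-confusion variants, the last is a legitimate page.
SAMPLES: List[str] = [
    "javascript:alert(document.cookie)//account.example.com",
    "JavaScript://account.example.com/%0aalert(document.cookie)",
    "https://account.example.com@evil.example/",
    "https://account.example.com.evil.example/login",
    "https://account.example.com/login",
]


def classify(urls: List[str] = SAMPLES) -> Dict[str, Tuple[bool, bool]]:
    """Map each URL to (weak verdict, strict verdict)."""
    return {u: (webview_url_allowed_weak(u), webview_url_allowed(u)) for u in urls}


if __name__ == "__main__":
    for url, (weak, strict) in classify().items():
        print("%-58s weak=%-5s strict=%s" % (url, weak, strict))
```

`urlsplit` lower-cases the scheme and returns the host from the authority after any userinfo, which is what defeats the `user@host` and mixed-case variants; the same rule belongs in the native `shouldOverrideUrlLoading` path, since a check applied only to the initial URL does not cover redirects.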
