Total
30734 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-25485 | 1 Json-content-importer | 1 Json Content Importer | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bernhard Kux JSON Content Importer plugin <= 1.3.15 versions. | ||||
CVE-2023-25460 | 1 Codesolz | 1 Easy Ad Manager | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodeSolz Easy Ad Manager plugin <= 1.0.0 versions. | ||||
CVE-2023-25488 | 1 Ducbuiquang | 1 Wp Default Feature Image | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc Bui Quang WP Default Feature Image plugin <= 1.0.1.1 versions. | ||||
CVE-2023-25490 | 1 Archivist - Custom Archive Templates Project | 1 Archivist - Custom Archive Templates | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions. | ||||
CVE-2023-25458 | 1 Gmo | 1 Typesquare Webfonts For Conoha | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO Internet Group, Inc. TypeSquare Webfonts for ConoHa plugin <= 2.0.3 versions. | ||||
CVE-2023-25462 | 1 Antonioandrade | 1 Wp Htaccess Control | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP htaccess Control plugin <= 3.5.1 versions. | ||||
CVE-2023-25439 | 1 Squarepiginteractive | 1 Fusioninvoice | 2024-08-02 | 6.1 Medium |
Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitrary code via the description or content fields to the expenses, tasks, and customer details. | ||||
CVE-2023-25309 | 1 Fetlife | 1 Rollout-ui | 2024-08-02 | 6.1 Medium |
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality. | ||||
CVE-2023-25440 | 1 Civicrm | 1 Civicrm | 2024-08-02 | 5.4 Medium |
Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field. | ||||
CVE-2023-25347 | 1 Churchcrm | 1 Churchcrm | 2024-08-02 | 5.4 Medium |
A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the "Title" Input Field in EventEditor.php. | ||||
CVE-2023-25453 | 1 Iansadowsky | 1 Wordpress Tables | 2024-08-02 | 7.1 High |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ian Sadovy WordPress Tables plugin <= 1.3.9 versions. | ||||
CVE-2023-25346 | 1 Churchcrm | 1 Churchcrm | 2024-08-02 | 6.1 Medium |
A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found. | ||||
CVE-2023-25452 | 1 Cms Press Project | 1 Cms Press | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Pretty (prettyboymp) CMS Press plugin <= 0.2.3 versions. | ||||
CVE-2023-25451 | 1 Wpchill | 1 Cpo Content Types | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill CPO Content Types plugin <= 1.1.0 versions. | ||||
CVE-2023-25292 | 1 Group-office | 1 Group Office | 2024-08-02 | 6.1 Medium |
Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie. | ||||
CVE-2023-25172 | 1 Discourse | 1 Discourse | 2024-08-02 | 4.4 Medium |
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, a maliciously crafted URL can be included in a user's full name field to carry out cross-site scripting attacks on sites with a disabled or overly permissive CSP (Content Security Policy). Discourse's default CSP prevents this vulnerability. The vulnerability is patched in version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches. As a workaround, enable and/or restore your site's CSP to the default one provided with Discourse. | ||||
CVE-2023-25314 | 1 Wwbn | 1 Avideo | 2024-08-02 | 6.1 Medium |
Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user. | ||||
CVE-2023-25431 | 1 Online Reviewer Management System Project | 1 Online Reviewer Management System | 2024-08-02 | 4.8 Medium |
An issue was discovered in Online Reviewer Management System v1.0. There is an XSS vulnerability via reviewer_0/admins/assessments/course/course-update.php. | ||||
CVE-2023-25241 | 1 Bgerp | 1 Bgerp | 2024-08-02 | 6.1 Medium |
bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter. | ||||
CVE-2023-25154 | 1 Misskey | 1 Misskey | 2024-08-02 | 7.1 High |
Misskey is an open source, decentralized social media platform. In versions prior to 13.5.0 the link to the instance to the sender that appears when viewing a user or note received through ActivityPub is not properly validated, so by inserting a URL with a javascript scheme an attacker may execute JavaScript code in the context of the recipient. This issue has been fixed in version 13.5.0. Users are advised to upgrade. Users unable to upgrade should not "view on remote" for untrusted instances. |