Total
30731 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-24687 | 1 Mojoportal | 1 Mojoportal | 2024-08-02 | 5.4 Medium |
Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter. | ||||
CVE-2023-24522 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-02 | 6.1 Medium |
Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application. | ||||
CVE-2023-24521 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2024-08-02 | 6.1 Medium |
Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application. | ||||
CVE-2023-24464 | 1 Buffalo | 14 Bs-gs2008, Bs-gs2008 Firmware, Bs-gs2008p and 11 more | 2024-08-02 | 5.4 Medium |
Stored cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier. | ||||
CVE-2023-24529 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2024-08-02 | 6.1 Medium |
Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information. | ||||
CVE-2023-24494 | 1 Tenable | 1 Tenable.sc | 2024-08-02 | 5.4 Medium |
A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session. | ||||
CVE-2023-24525 | 1 Sap | 2 Customer Relationship Management Webclient Ui, S4fnd | 2024-08-02 | 4.3 Medium |
SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application. | ||||
CVE-2023-24508 | 1 Baicells | 6 Nova227, Nova233, Nova243 and 3 more | 2024-08-02 | 8.1 High |
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and have been confirmed exploitable; special thanks to Rustam Amin for providing the steps to reproduce. | ||||
CVE-2023-24469 | 1 Microfocus | 1 Arcsight Logger | 2024-08-02 | 6.1 Medium |
Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0 | ||||
CVE-2023-24411 | 1 Bnecreative | 1 Bne Testimonials | 2024-08-02 | 6.5 Medium |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kerry Kline BNE Testimonials plugin <= 2.0.7 versions. | ||||
CVE-2023-24403 | 1 Wpforthewin | 1 Bbpress Voting | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP For The Win bbPress Voting plugin <= 2.1.11.0 versions. | ||||
CVE-2023-24413 | 1 I13websolution | 1 Wordpress Vertical Image Slider | 2024-08-02 | 7.1 High |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress vertical image slider plugin <= 1.2.16 versions. | ||||
CVE-2023-24398 | 1 Snapcreek | 1 Ezp Coming Soon Page | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin <= 1.0.7.3 versions. | ||||
CVE-2023-24372 | 1 Usbmemorydirect | 1 Simple Custom Author Profiles | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB Memory Direct Simple Custom Author Profiles plugin <= 1.0.0 versions. | ||||
CVE-2023-24404 | 1 Rarathemes | 1 Vryasage Marketing Performance | 2024-08-02 | 7.1 High |
Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketing Performance plugin <= 2.0.0 versions. | ||||
CVE-2023-24402 | 1 Wpbookingsystem | 1 Wp Booking System | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar plugin <= 2.0.18 versions. | ||||
CVE-2023-24418 | 1 Gopiplus | 1 Tiny Carousel Horizontal Slider Plus | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny carousel horizontal slider plus plugin <= 3.2 versions. | ||||
CVE-2023-24408 | 1 Lightspeedhq | 1 Ecwid Ecommerce Shopping Cart | 2024-08-02 | 6.5 Medium |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.4 versions. | ||||
CVE-2023-24383 | 1 Kibokolabs | 1 Namaste! Lms | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Namaste! LMS plugin <= 2.5.9.1 versions. | ||||
CVE-2023-24369 | 1 Ujcms | 1 Ujcms | 2024-08-02 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function. |