Total
30726 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-23989 | 2024-08-02 | 5.3 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.1.9.2. | ||||
| CVE-2023-24182 | 1 Openwrt | 1 Openwrt | 2024-08-02 | 5.4 Medium |
| LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js. | ||||
| CVE-2023-24081 | 1 Go-redrock | 1 Tutortrac | 2024-08-02 | 5.4 Medium |
| Multiple stored cross-site scripting (XSS) vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page. | ||||
| CVE-2023-24070 | 1 Misp-project | 1 Malware Information Sharing Platform | 2024-08-02 | 6.1 Medium |
| app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field. | ||||
| CVE-2023-24230 | 1 Formwork Project | 1 Formwork | 2024-08-02 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter. | ||||
| CVE-2023-23995 | 1 Tinymce Custom Styles Project | 1 Tinymce Custom Styles | 2024-08-02 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin <= 1.1.2 versions. | ||||
| CVE-2023-24031 | 1 Zimbra | 1 Collaboration | 2024-08-02 | 6.1 Medium |
| An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. XSS can occur, via one of attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to information disclosure. | ||||
| CVE-2023-23996 | 1 Properfraction | 1 Profilepress | 2024-08-02 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.3 versions. | ||||
| CVE-2023-23981 | 1 Quantumcloud | 1 Conversational Forms For Chatbot | 2024-08-02 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud Conversational Forms for ChatBot plugin <= 1.1.6 versions. | ||||
| CVE-2023-24001 | 1 Modal Dialog Project | 1 Modal Dialog | 2024-08-02 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <= 3.5.9 versions. | ||||
| CVE-2023-23977 | 1 Heateor | 1 Social Comments | 2024-08-02 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments plugin <= 1.6.1 versions. | ||||
| CVE-2023-24004 | 1 Wpdevart | 1 Download Image And Video Lightbox\, Image Popup | 2024-08-02 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Image and Video Lightbox, Image PopUp plugin <= 2.1.5 versions. | ||||
| CVE-2023-24005 | 1 Winwar | 1 Inline Tweet Sharer | 2024-08-02 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media Inline Tweet Sharer – Twitter Sharing Plugin plugin <= 2.5.3 versions. | ||||
| CVE-2023-24026 | 1 Misp-project | 1 Misp | 2024-08-02 | 6.1 Medium |
| In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload. | ||||
| CVE-2023-23994 | 1 Auto Hide Admin Bar Project | 1 Auto Hide Admin Bar | 2024-08-02 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcel Bootsman Auto Hide Admin Bar plugin <= 1.6.1 versions. | ||||
| CVE-2023-24065 | 1 Nosh Chartingsystem Project | 1 Nosh Chartingsystem | 2024-08-02 | 5.4 Medium |
| NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing user) can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for health charting. | ||||
| CVE-2023-24086 | 1 Slims Project | 1 Slims | 2024-08-02 | 6.1 Medium |
| SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loan_by_class.php?reportView. | ||||
| CVE-2023-24027 | 1 Misp | 1 Misp | 2024-08-02 | 6.1 Medium |
| In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name. | ||||
| CVE-2023-24003 | 1 Timersys | 1 Wp Popups | 2024-08-02 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Timersys WP Popups – WordPress Popup plugin <= 2.1.4.8 versions. | ||||
| CVE-2023-24002 | 1 Wpdevart | 1 Youtube Embed\, Playlist And Popup | 2024-08-02 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin <= 2.6.3 versions. | ||||