Total: 30726 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-23956 | 1 Broadcom | 1 Symantec Siteminder Webagent | 2024-08-02 | 5.4 Medium |
A user can supply malicious HTML and JavaScript code that will be executed in the client browser | ||||
CVE-2023-23982 | 1 Wpfrom Email Project | 1 Wpfrom Email | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGear.Pro WPFrom Email plugin <= 1.8.8 versions. | ||||
CVE-2023-24006 | 1 Linksoftwarellc | 1 Wp Terms Popup | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Link Software LLC WP Terms Popup plugin <= 2.6.0 versions. | ||||
CVE-2023-23987 | 1 Wpeverest | 1 User Registration | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEverest User Registration plugin <= 2.3.0 versions. | ||||
CVE-2023-23972 | 1 Wpdevart | 1 Social Like Box And Page | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin <= 0.8.39 versions. | ||||
CVE-2023-23980 | 1 Mailoptin | 1 Mailoptin | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MailOptin Popup Builder Team MailOptin plugin <= 1.2.54.0 versions. | ||||
CVE-2023-23942 | 1 Nextcloud | 1 Desktop | 2024-08-02 | 5.4 Medium |
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as `strong`, `em` and `head` lines in the UI of the desktop client. The lack of sanitisation may allow for javascript injection. It is recommended that the Nextcloud Desktop Client is upgraded to 3.6.3. There are no known workarounds for this issue. | ||||
CVE-2023-23949 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2024-08-02 | 5.4 Medium |
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. | ||||
CVE-2023-23971 | 1 Codepeople | 1 Wp Time Slots Booking Form | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodePeople WP Time Slots Booking Form plugin <= 1.1.81 versions. | ||||
CVE-2023-23951 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2024-08-02 | 6.1 Medium |
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application | ||||
CVE-2023-23954 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2024-08-02 | 5.4 Medium |
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability. | ||||
CVE-2023-23950 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2024-08-02 | 6.1 Medium |
User-supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. | ||||
CVE-2023-23938 | 1 Enalean | 1 Tuleap | 2024-08-02 | 5.9 Medium |
Tuleap is a Free & Source tool for end to end traceability of application and system developments. Affected versions are subject to a cross site scripting attack which can be injected in the name of a color of select box values of a tracker and then reflected in the tracker administration. Administrative privilege is required, but an attacker with tracker administration rights could use this vulnerability to force a victim to execute uncontrolled code in the context of their browser. This issue has been addressed in Tuleap Community Edition version 14.5.99.4. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
CVE-2023-23852 | 1 Sap | 1 Solution Manager | 2024-08-02 | 6.1 Medium |
SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
CVE-2023-23874 | 1 Metaphorcreations | 1 Ditty | 2024-08-02 | 6.5 Medium |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Metaphor Creations Ditty plugin <= 3.0.32 versions. | ||||
CVE-2023-23898 | 1 Creativethemes | 1 Blocksy Companion | 2024-08-02 | 5.5 Medium |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeThemes Blocksy Companion plugin <= 1.8.67 versions. | ||||
CVE-2023-23894 | 1 Surbma | 1 Gdpr Proof Cookie Consent & Notice Bar | 2024-08-02 | 6.5 Medium |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Surbma Surbma \| GDPR Proof Cookie Consent & Notice Bar plugin <= 17.5.3 versions. | ||||
CVE-2023-23727 | 1 Formilla | 1 Live Chat | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Formilla Live Chat by Formilla plugin <= 1.3 versions. | ||||
CVE-2023-23858 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-02 | 6.1 Medium |
Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted URL to a user, and by clicking the URL, the tricked user accesses SAP and might be directed with the response to somewhere outside SAP and enter sensitive data. This could cause a limited impact on confidentiality and integrity of the application. | ||||
CVE-2023-23862 | 1 Vertical Scroll Recent Post Project | 1 Vertical Scroll Recent Post | 2024-08-02 | 6.5 Medium |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical scroll recent post plugin <= 14.0 versions. |