Total: 30717 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-23686 | 1 Simple Staff List Project | 1 Simple Staff List | 2024-08-02 | 6.5 Medium |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.2 versions. | ||||
CVE-2023-23647 | 1 Wpmart | 1 Team Member - Team With Slider | 2024-08-02 | 5.9 Medium |
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Team Member – Team with Slider plugin <= 4.4 versions. | ||||
CVE-2023-23637 | 1 Unistra | 1 Impatient | 2024-08-02 | 7.6 High |
IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain text fields within a PATCH /modify_onto request to the ontology builder. This may allow attackers to steal Protected Health Information. | ||||
CVE-2023-23630 | 1 Eta.js | 1 Eta | 2024-08-02 | 8.6 High |
Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don't pass user supplied things directly to `res.render`. | ||||
CVE-2023-23572 | 1 Epson | 100 Esifnw1, Esifnw1 Firmware, Esnsb1 and 97 more | 2024-08-02 | 4.8 Medium |
Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor. | ||||
CVE-2023-23553 | 1 Controlbyweb | 2 X-400, X-400 Firmware | 2024-08-02 | 4.5 Medium |
Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker. | ||||
CVE-2023-23491 | 1 Fullworksplugins | 1 Quick Event Manager | 2024-08-02 | 6.1 Medium |
The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qem_ajax_calendar' action. | ||||
CVE-2023-23480 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2024-08-02 | 5.4 Medium |
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245885. | ||||
CVE-2023-23481 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2024-08-02 | 6.4 Medium |
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245889. | ||||
CVE-2023-23475 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-08-02 | 4.6 Medium |
IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245423. | ||||
CVE-2023-23467 | 1 Mediacp | 1 Media Control Panel | 2024-08-02 | 8.1 High |
Media CP Media Control Panel latest version. Reflected XSS possible through unspecified endpoint. | ||||
CVE-2023-23408 | 1 Microsoft | 1 Azure Hdinsights | 2024-08-02 | 4.5 Medium |
Azure Apache Ambari Spoofing Vulnerability | ||||
CVE-2023-23286 | 1 Farsight | 1 Provide Server | 2024-08-02 | 6.1 Medium |
Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form. | ||||
CVE-2023-23012 | 1 Classroombookings | 1 Classroombookings | 2024-08-02 | 6.1 Medium |
Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or other unspecified impacts via the input bgcol in file Weeks.php. | ||||
CVE-2023-23372 | 1 Qnap | 2 Qts, Quts Hero | 2024-08-02 | 6.5 Medium |
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later; QTS 5.1.0.2444 build 20230629 and later; QTS 4.5.4.2467 build 20230718 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h4.5.4.2476 build 20230728 and later. | ||||
CVE-2023-23277 | 1 Snippet Box Project | 1 Snippet Box | 2024-08-02 | 6.1 Medium |
Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field. | ||||
CVE-2023-23075 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-08-02 | 6.1 Medium |
Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. | ||||
CVE-2023-23161 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-08-02 | 6.1 Medium |
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar. | ||||
CVE-2023-23326 | 1 Avantfax | 1 Avantfax | 2024-08-02 | 5.4 Medium |
A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low-privilege user can inject arbitrary JavaScript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session. | ||||
CVE-2023-23313 | 1 Draytek | 182 Vigor130, Vigor130 Firmware, Vigor165 and 179 more | 2024-08-02 | 6.1 Medium |
Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2. |