Total: 30540 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-6166 | 1 Ays-pro | 1 Quiz Maker | 2024-08-02 | 6.1 Medium |
The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. | ||||
CVE-2023-6161 | 1 Themeum | 1 Wp Crowdfunding | 2024-08-02 | 6.1 Medium |
The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
CVE-2023-6148 | 1 Qualys | 1 Policy Compliance | 2024-08-02 | 5.7 Medium |
Qualys Jenkins Plugin for Policy Compliance prior to and including version 1.0.5 was identified to be affected by a security flaw: a missing permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and permission to configure or edit jobs to use the plugin to configure a potential rogue endpoint, via which it was possible to control the responses for certain requests; these responses could be injected with XSS payloads, leading to XSS while the response data was processed. | ||||
CVE-2023-6103 | 1 Intelbras | 2 Rx 1500, Rx 1500 Firmware | 2024-08-02 | 2.4 Low |
A vulnerability has been found in Intelbras RX 1500 1.1.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /WiFi.html of the component SSID Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245065 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-6075 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2024-08-02 | 3.5 Low |
A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file index.php of the component Reservation Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244944. | ||||
CVE-2023-6128 | 1 Salesagility | 1 Suitecrm | 2024-08-02 | 5.4 Medium |
Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | ||||
CVE-2023-6122 | 1 Softomi | 1 Advanced C2c Marketplace Software | 2024-08-02 | 6.1 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Gelişmiş C2C Pazaryeri Yazılımı allows Reflected XSS. This issue affects Softomi Gelişmiş C2C Pazaryeri Yazılımı: before 12122023. | ||||
CVE-2023-6142 | 1 Armanidrisi | 1 Dev Blog | 2024-08-02 | 6.4 Medium |
Dev blog v1.0 allows XSS to be exploited through an unrestricted file upload combined with low entropy in the generated filenames. With this, an attacker can upload a malicious HTML file, guess the filename of the uploaded file, and send it to a potential victim. | ||||
CVE-2023-6027 | 1 Elijaa | 1 Phpmemcachedadmin | 2024-08-02 | 6.1 Medium |
A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled entries in the "/pmcadmin/configure.php" parameter. | ||||
CVE-2023-6047 | | | 2024-08-02 | 6.1 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Algoritim E-commerce Software allows Reflected XSS. This issue affects E-commerce Software: before 3.9.2. | ||||
CVE-2023-6037 | 1 Ljapps | 1 Wp Tripadvisor Review Slider | 2024-08-02 | 4.8 Medium |
The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | ||||
CVE-2023-6050 | 1 Estatik | 1 Estatik | 2024-08-02 | 6.1 Medium |
The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
CVE-2023-6046 | 1 Myeventon | 1 Eventon | 2024-08-02 | 4.8 Medium |
The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfiltered_html capability is disallowed. | ||||
CVE-2023-6028 | 1 Br-automation | 1 Automation Runtime | 2024-08-02 | 6.1 Medium |
A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session. | ||||
CVE-2023-6011 | 1 Dece | 1 Geodi | 2024-08-02 | 5.4 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DECE Software Geodi allows Stored XSS. This issue affects Geodi: before 8.0.0.27396. | ||||
CVE-2023-6013 | 1 H2o | 1 H2o | 2024-08-02 | 5.4 Medium |
H2O is vulnerable to a stored XSS vulnerability which can lead to a Local File Include attack. | ||||
CVE-2023-5942 | 1 Drelton | 1 Medialist | 2024-08-02 | 5.4 Medium |
The Medialist WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in the page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
CVE-2023-5956 | 1 Markusbegerow | 1 Wp-adv-quiz | 2024-08-02 | 4.8 Medium |
The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | ||||
CVE-2023-6005 | 1 Myeventon | 1 Eventon | 2024-08-02 | 4.8 Medium |
The EventON WordPress plugin before 4.5.5 and the EventON WordPress plugin before 2.2.7 do not sanitize and escape some of their settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | ||||
CVE-2023-5946 | 1 Evarisk | 1 Digirisk | 2024-08-02 | 6.1 Medium |
The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'current_group_id' parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |