Total
30498 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3388 | 1 Beautiful-cookie-banner | 1 Beautiful Cookie Consent Banner | 2024-08-02 | 7.2 High |
| The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nsc_bar_content_href' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. A partial patch was made available in 2.10.1 and the issue was fully patched in 2.10.2. | ||||
| CVE-2023-3332 | 1 Nec | 34 Aterm Wf300hp, Aterm Wf300hp Firmware, Aterm Wg1400hp and 31 more | 2024-08-02 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities. | ||||
| CVE-2023-3311 | 1 Online-shopping-system-advanced Project | 1 Online-shopping-system-advanced | 2024-08-02 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in PuneethReddyHC online-shopping-system-advanced 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231807. | ||||
| CVE-2023-3294 | 1 Saleor | 1 React-storefront | 2024-08-02 | 6.1 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7. | ||||
| CVE-2023-3245 | 1 Premio | 1 Chaty | 2024-08-02 | 4.8 Medium |
| The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-3309 | 1 Resort Reservation System Project | 1 Resort Reservation System | 2024-08-02 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file ?page=rooms of the component Manage Room Page. The manipulation of the argument Cottage Number leads to cross site scripting. The attack can be launched remotely. The identifier VDB-231805 was assigned to this vulnerability. | ||||
| CVE-2023-3293 | 1 Salesagility | 1 Suitecrm | 2024-08-02 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0. | ||||
| CVE-2023-3191 | 1 Teampass | 1 Teampass | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | ||||
| CVE-2023-3165 | 1 Janobe | 1 Life Insurance Management System | 2024-08-02 | 3.5 Low |
| A vulnerability was found in SourceCodester Life Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file insertNominee.php of the component POST Parameter Handler. The manipulation of the argument nominee_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231109 was assigned to this vulnerability. | ||||
| CVE-2023-3189 | 1 Online School Fees System Project | 1 Online School Fees System | 2024-08-02 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Online School Fees System 1.0. This affects an unknown part of the file /paysystem/branch.php of the component POST Parameter Handler. The manipulation of the argument branch leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231501 was assigned to this vulnerability. | ||||
| CVE-2023-3184 | 1 Sales Tracker Management System Project | 1 Sales Tracker Management System | 2024-08-02 | 2.4 Low |
| A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231164. | ||||
| CVE-2023-3144 | 1 Online Discussion Forum Site Project | 1 Online Discussion Forum Site | 2024-08-02 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Online Discussion Forum Site 1.0. Affected by this vulnerability is an unknown functionality of the file admin\posts\manage_post.php. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231013 was assigned to this vulnerability. | ||||
| CVE-2023-3183 | 1 Performance Indicator System Project | 1 Performance Indicator System | 2024-08-02 | 3.5 Low |
| A vulnerability was found in SourceCodester Performance Indicator System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addproduct.php. The manipulation of the argument prodname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231163. | ||||
| CVE-2023-3142 | 1 Microweber | 1 Microweber | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0. | ||||
| CVE-2023-3143 | 1 Online Discussion Forum Site Project | 1 Online Discussion Forum Site | 2024-08-02 | 3.5 Low |
| A vulnerability classified as problematic has been found in SourceCodester Online Discussion Forum Site 1.0. Affected is an unknown function of the file admin\posts\manage_post.php. The manipulation of the argument content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231012. | ||||
| CVE-2023-3122 | 1 Dev4press | 1 Gd Mail Queue | 2024-08-02 | 7.2 High |
| The GD Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-3109 | 1 Admidio | 1 Admidio | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8. | ||||
| CVE-2023-3093 | 1 Yaycommerce | 1 Yaysmtp | 2024-08-02 | 7.2 High |
| The YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-3026 | 1 Diagrams | 1 Drawio | 2024-08-02 | 6.1 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 21.2.8. | ||||
| CVE-2023-3051 | 1 Azexo | 1 Page Builder With Image Map By Azexo | 2024-08-02 | 6.4 Medium |
| The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azh_post' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||