Total: 30498 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-2826 | 1 Class Scheduling System Project | 1 Class Scheduling System | 2024-08-02 | 3.5 Low |
A vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_teacher_result.php of the component POST Parameter Handler. The manipulation of the argument teacher leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229612. | ||||
CVE-2023-2835 | 1 Wpdirectorykit | 1 Wp Directory Kit | 2024-08-02 | 6.1 Medium |
The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
CVE-2023-2707 | 1 Gappointments | 1 Gappointments | 2024-08-02 | 4.8 Medium |
The gAppointments WordPress plugin through 1.9.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
CVE-2023-2718 | 1 Codepeople | 1 Contact Form Email | 2024-08-02 | 5.4 Medium |
The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability. | ||||
CVE-2023-2753 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 5.4 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta. | ||||
CVE-2023-2767 | 1 Iptanus | 2 Wordpress File Upload, Wordpress File Upload Pro | 2024-08-02 | 4.4 Medium |
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
CVE-2023-2739 | 1 Gira | 2 Gira Home Server, Gira Home Server Firmware | 2024-08-02 | 4.3 Medium |
A vulnerability classified as problematic was found in Gira HomeServer up to 4.12.0.220829 beta. This vulnerability affects unknown code of the file /hslist. The manipulation of the argument lst with the input debug%27"><img%20src=x%20onerror=alert(document.cookie)> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-229150 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-2691 | 1 Personnel Property Equipment System Project | 1 Personnel Property Equipment System | 2024-08-02 | 3.5 Low |
A vulnerability, which was classified as problematic, was found in SourceCodester Personnel Property Equipment System 1.0. Affected is an unknown function of the file admin/add_item.php of the component POST Parameter Handler. The manipulation of the argument item_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228972. | ||||
CVE-2023-2735 | 1 Groundhogg | 1 Groundhogg | 2024-08-02 | 4.9 Medium |
The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note this only works with legacy contact forms. | ||||
CVE-2023-2710 | 1 I13websolution | 1 Video Carousel Slider With Lightbox | 2024-08-02 | 6.1 Medium |
The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
CVE-2023-2730 | 1 Pimcore | 1 Pimcore | 2024-08-02 | 5.4 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. | ||||
CVE-2023-2708 | 1 I13websolution | 1 Video Gallery | 2024-08-02 | 6.1 Medium |
The Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
CVE-2023-2678 | 1 File Tracker Manager System Project | 1 File Tracker Manager System | 2024-08-02 | 3.5 Low |
A vulnerability has been found in SourceCodester File Tracker Manager System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /file_manager/admin/save_user.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228892. | ||||
CVE-2023-2692 | 1 Ict Laboratory Management System Project | 1 Ict Laboratory Management System | 2024-08-02 | 3.5 Low |
A vulnerability has been found in SourceCodester ICT Laboratory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file views/room_info.php of the component GET Parameter Handler. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228973 was assigned to this vulnerability. | ||||
CVE-2023-2671 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-08-02 | 3.5 Low |
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228887. | ||||
CVE-2023-2657 | 1 Oretnom23 | 1 Online Computer And Laptop Store | 2024-08-02 | 3.5 Low |
A vulnerability classified as problematic was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipulation of the argument search leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228799. | ||||
CVE-2023-2566 | 1 Open-emr | 1 Openemr | 2024-08-02 | 4.8 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. | ||||
CVE-2023-2667 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-08-02 | 3.5 Low |
A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228883. | ||||
CVE-2023-2614 | 1 Pimcore | 1 Pimcore | 2024-08-02 | 5.4 Medium |
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
CVE-2023-2591 | 1 Teampass | 1 Teampass | 2024-08-02 | 5.4 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7. |