Total
30498 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2553 | 1 Bumsys Project | 1 Bumsys | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to 2.2.0. | ||||
| CVE-2023-2565 | 1 Multi Language Hotel Management Software Project | 1 Multi Language Hotel Management Software | 2024-08-02 | 3.5 Low |
| A vulnerability has been found in SourceCodester Multi Language Hotel Management Software 1.0 and classified as problematic. This vulnerability affects unknown code of the file ajax.php of the component POST Parameter Handler. The manipulation of the argument complaint_type with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228172. | ||||
| CVE-2023-2560 | 1 Newbinggogo Project | 1 Newbinggogo | 2024-08-02 | 3.5 Low |
| A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228167. | ||||
| CVE-2023-2527 | 1 Crmperks | 1 Integration For Contact Form 7 And Zoho Crm\, Bigin | 2024-08-02 | 4.8 Medium |
| The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | ||||
| CVE-2023-2550 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | ||||
| CVE-2023-2587 | 1 Teltonika | 1 Remote Management System | 2024-08-02 | 7.5 High |
| Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger the vulnerability. This could allow the attacker to execute scripts in the account context and obtain remote code execution on managed devices. | ||||
| CVE-2023-2616 | 1 Pimcore | 1 Pimcore | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2023-2615 | 1 Pimcore | 1 Pimcore | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2023-2490 | 1 Useragent-spy Project | 1 Useragent-spy | 2024-08-02 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fernando Briano UserAgent-Spy plugin <= 1.3.1 versions. | ||||
| CVE-2023-2521 | 1 Ez-net | 2 Next-7004n, Next-7004n Firmware | 2024-08-02 | 3.5 Low |
| A vulnerability was found in NEXTU NEXT-7004N 3.0.1. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formFilter of the component POST Request Handler. The manipulation of the argument url with the input <svg onload=alert(1337)> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228012. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-2452 | 1 Advanced-woo-search | 1 Advanced Woo Search | 2024-08-02 | 4.4 Medium |
| The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2023-2498 | 1 Granthweb | 1 Go Pricing | 2024-08-02 | 6.4 Medium |
| The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.19 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-2516 | 1 Teampass | 1 Teampass | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7. | ||||
| CVE-2023-2477 | 1 Funadmin | 1 Funadmin | 2024-08-02 | 3.5 Low |
| A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227869 was assigned to this vulnerability. | ||||
| CVE-2023-2476 | 1 J2eefast | 1 J2eefast | 2024-08-02 | 3.5 Low |
| A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument 系统工具/公告管理 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-227868. | ||||
| CVE-2023-2475 | 1 J2eefast | 1 J2eefast | 2024-08-02 | 3.5 Low |
| A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. This issue affects some unknown processing of the component System Message Handler. The manipulation of the argument 主题 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-227867. | ||||
| CVE-2023-2509 | 1 Asustor | 3 Adm, Looksgood, Soundsgood | 2024-08-02 | 7.1 High |
| A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications to access any cookies or sensitive information retained by the browser and used with that application. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below, LooksGood 2.0.0.R129 and below and SoundsGood 2.3.0.r1027 and below. | ||||
| CVE-2023-2428 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | ||||
| CVE-2023-2383 | 1 Netgear | 2 Srx5308, Srx5308 Firmware | 2024-08-02 | 2.4 Low |
| A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-2436 | 1 Blog-in-blog Project | 1 Blog-in-blog | 2024-08-02 | 5.5 Medium |
| The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blog_in_blog' shortcode in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||