Total
30497 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1836 | 1 Gitlab | 1 Gitlab | 2024-08-02 | 4.4 Medium |
| A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as HTML if viewed under specific circumstances | ||||
| CVE-2023-1860 | 1 Keysight | 1 Hawkeye | 2024-08-02 | 3.5 Low |
| A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. It has been declared as problematic. This vulnerability affects unknown code of the file /licenses. The manipulation of the argument view with the input teste"><script>alert(%27c4ng4c3ir0%27)</script> leads to cross site scripting. The attack can be initiated remotely. VDB-224998 is the identifier assigned to this vulnerability. NOTE: Vendor did not respond if and how they may handle this issue. | ||||
| CVE-2023-1841 | 2024-08-02 | 8.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Honeywell MPA2 Access Panel (Web server modules) allows XSS Using Invalid Characters.This issue affects MPA2 Access Panel all version prior to R1.00.08.05. Honeywell released firmware update package MPA2 firmware R1.00.08.05 which addresses this vulnerability. This version and all later versions correct the reported vulnerability. | ||||
| CVE-2023-1879 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2023-1881 | 1 Microweber | 1 Microweber | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. | ||||
| CVE-2023-1852 | 1 Online Payroll System Project | 1 Online Payroll System | 2024-08-02 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Online Payroll System 1.0. This vulnerability affects unknown code of the file /admin/deduction_edit.php. The manipulation of the argument description leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-224992. | ||||
| CVE-2023-1853 | 1 Online Payroll System Project | 1 Online Payroll System | 2024-08-02 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Online Payroll System 1.0. This issue affects some unknown processing of the file /admin/employee_edit.php. The manipulation of the argument of leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224993 was assigned to this vulnerability. | ||||
| CVE-2023-1878 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2023-1882 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2023-1884 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2023-1851 | 1 Online Payroll System Project | 1 Online Payroll System | 2024-08-02 | 3.5 Low |
| A vulnerability classified as problematic has been found in SourceCodester Online Payroll System 1.0. This affects an unknown part of the file /admin/employee_add.php. The manipulation of the argument of leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224991. | ||||
| CVE-2023-1869 | 1 Plugin | 1 Yourchannel | 2024-08-02 | 5.5 Medium |
| The YourChannel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2023-1798 | 1 Eyoucms | 1 Eyoucms | 2024-08-02 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in EyouCMS up to 1.5.4. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument typename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-224750 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-1799 | 1 Eyoucms | 1 Eyoucms | 2024-08-02 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in EyouCMS up to 1.5.4. This affects an unknown part of the file login.php. The manipulation of the argument tag_tag leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224751. | ||||
| CVE-2023-1783 | 1 Orangescrum | 1 Orangescrum | 2024-08-02 | 6.5 Medium |
| OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF. | ||||
| CVE-2023-1776 | 1 Mattermost | 1 Mattermost Server | 2024-08-02 | 7.3 High |
| Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file. | ||||
| CVE-2023-1757 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2023-1724 | 1 Ladybirdweb | 1 Faveo Helpdesk | 2024-08-02 | 7.3 High |
| Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. This occurs because the application is vulnerable to stored XSS. | ||||
| CVE-2023-1754 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 4.7 Medium |
| Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2023-1759 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||