Total: 30497 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-0948 | 1 Artisanworkshop | 1 Japanized For Woocommerce | 2024-08-02 | 6.1 Medium |
The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting | ||||
CVE-2023-0945 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2024-08-02 | 3.5 Low |
A vulnerability, which was classified as problematic, was found in SourceCodester Best POS Management System 1.0. Affected is an unknown function of the file index.php?page=add-category. The manipulation of the argument Name with the input "><img src=x onerror=prompt(document.domain);> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221592. | ||||
CVE-2023-0949 | 1 Modoboa | 1 Modoboa | 2024-08-02 | 4.8 Medium |
Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5. | ||||
CVE-2023-0934 | 1 Answer | 1 Answer | 2024-08-02 | 5.4 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.5. | ||||
CVE-2023-0867 | 1 Opennms | 2 Horizon, Meridian | 2024-08-02 | 6.7 Medium |
Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | ||||
CVE-2023-0868 | 1 Opennms | 2 Horizon, Meridian | 2024-08-02 | 6.7 Medium |
Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker to steal session cookies. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | ||||
CVE-2023-0878 | 1 Nuxt | 1 Nuxt | 2024-08-02 | 6.1 Medium |
Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1. | ||||
CVE-2023-0869 | 1 Opennms | 2 Horizon, Meridian | 2024-08-02 | 5.8 Medium |
Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | ||||
CVE-2023-0879 | 1 Btcpayserver | 1 Btcpay Server | 2024-08-02 | 6.3 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12. | ||||
CVE-2023-0902 | 1 Simple Food Ordering System Project | 1 Simple Food Ordering System | 2024-08-02 | 3.5 Low |
A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451. | ||||
CVE-2023-0776 | 1 Baicells | 8 Neutrino 430, Neutrino 430 Firmware, Nova430e and 5 more | 2024-08-02 | 8.1 High |
Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable. Special thanks to Rustam Amin for providing the steps to reproduce. | ||||
CVE-2023-0810 | 1 Btcpayserver | 1 Btcpayserver | 2024-08-02 | 5.4 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11. | ||||
CVE-2023-0840 | 1 Phpcrazy Project | 1 Phpcrazy | 2024-08-02 | 3.5 Low |
A vulnerability classified as problematic was found in PHPCrazy 1.1.1. This vulnerability affects unknown code of the file admin/admin.php?action=users&mode=info&user=2. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221086 is the identifier assigned to this vulnerability. | ||||
CVE-2023-0835 | 1 Markdown-pdf Project | 1 Markdown-pdf | 2024-08-02 | 8.2 High |
markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user. | ||||
CVE-2023-0741 | 1 Answer | 1 Answer | 2024-08-02 | 9.0 Critical |
Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer prior to 1.0.4. | ||||
CVE-2023-0791 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 8.3 High |
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
CVE-2023-0740 | 1 Answer | 1 Answer | 2024-08-02 | 9.0 Critical |
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4. | ||||
CVE-2023-0786 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 8.4 High |
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
CVE-2023-0769 | 1 Hiweb | 1 Migration Simple | 2024-08-02 | 6.1 Medium |
The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. | ||||
CVE-2023-0846 | 1 Opennms | 2 Horizon, Meridian | 2024-08-02 | 6.7 Medium |
Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and Meridian could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. |