Total: 30497 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-0787 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 8.1 High |
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
CVE-2023-0827 | 1 Pimcore | 1 Pimcore | 2024-08-02 | 5.4 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17. | ||||
CVE-2023-0742 | 1 Answer | 1 Answer | 2024-08-02 | 9.0 Critical |
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4. | ||||
CVE-2023-0794 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 8.3 High |
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
CVE-2023-0743 | 1 Answer | 1 Answer | 2024-08-02 | 9.0 Critical |
Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/answer prior to 1.0.4. | ||||
CVE-2023-0746 | 1 Gigamon | 1 Gigavue-os | 2024-08-02 | 6.3 Medium |
The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could coerce a user into inserting malicious JavaScript code into the URI, which could lead to reflected cross-site scripting. | ||||
CVE-2023-0738 | 1 Orangescrum | 1 Orangescrum | 2024-08-02 | 6.1 Medium |
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html. | ||||
CVE-2023-0736 | 1 Wallabag | 1 Wallabag | 2024-08-02 | 5.4 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4. | ||||
CVE-2023-0747 | 1 Btcpayserver | 1 Btcpayserver | 2024-08-02 | 5.5 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | ||||
CVE-2023-0676 | 1 Phpipam | 1 Phpipam | 2024-08-02 | 6.1 Medium |
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. | ||||
CVE-2023-0695 | 1 Wpmet | 1 Metform Elementor Contact Form Builder | 2024-08-02 | 5.4 Medium |
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a specific link. Note that getting the JavaScript to execute still requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database. | ||||
CVE-2023-0677 | 1 Phpipam | 1 Phpipam | 2024-08-02 | 6.1 Medium |
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1. | ||||
CVE-2023-0650 | 1 Yetanotherforum | 1 Yaf.net | 2024-08-02 | 3.5 Low |
A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.12 is able to address this issue. The identifier of the patch is a1442a2bacc3335461b44c250e81f8d99c60735f. It is recommended to upgrade the affected component. The identifier VDB-220037 was assigned to this vulnerability. | ||||
CVE-2023-0639 | 1 Trendnet | 2 Tew-652brp, Tew-652brp Firmware | 2024-08-02 | 2.4 Low |
A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019. | ||||
CVE-2023-0624 | 1 Orangescrum | 1 Orangescrum | 2024-08-02 | 6.1 Medium |
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html. | ||||
CVE-2023-0606 | 1 Ampache | 1 Ampache | 2024-08-02 | 6.1 Medium |
Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/ampache prior to 5.5.7. | ||||
CVE-2023-0571 | 1 Canteen Management System Project | 1 Canteen Management System | 2024-08-02 | 3.5 Low |
A vulnerability has been found in SourceCodester Canteen Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file createcustomer.php of the component Add Customer. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219730 is the identifier assigned to this vulnerability. | ||||
CVE-2023-0594 | 2 Grafana, Redhat | 2 Grafana, Ceph Storage | 2024-08-02 | 7.3 High |
Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible because the values of a span's attributes/resources were not properly sanitized, and these are rendered when the span's attributes/resources are expanded. An attacker needs to have the Editor role in order to change the value of a trace view visualization to contain JavaScript. This means that vertical privilege escalation is possible, where a user with the Editor role can change the password of a user with the Admin role to a known value if the user with the Admin role executes the malicious JavaScript while viewing a dashboard. Users may upgrade to versions 8.5.21, 9.2.13 and 9.3.8 to receive a fix. | ||||
CVE-2023-0608 | 1 Microweber | 1 Microweber | 2024-08-02 | 5.4 Medium |
Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2. | ||||
CVE-2023-0599 | 1 Rapid7 | 1 Metasploit | 2024-08-02 | 6.1 Medium |
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator. |