Total
30497 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0432 | 1 Deltaww | 2 Dx-2100l1-cn, Dx-2100l1-cn Firmware | 2024-08-02 | 9.0 Critical |
| The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system (OS) from the device in the context of the user "root." If the attacker has credentials for the web service, then the device could be fully compromised. | ||||
| CVE-2023-0410 | 1 Builder | 1 Qwik | 2024-08-02 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5. | ||||
| CVE-2023-0338 | 1 Daloradius | 1 Daloradius | 2024-08-02 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch. | ||||
| CVE-2023-0377 | 1 Robincornett | 1 Scriptless Social Sharing | 2024-08-02 | 5.4 Medium |
| The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0376 | 1 Themeum | 1 Qubely | 2024-08-02 | 5.4 Medium |
| The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0368 | 1 Responsive Tabs For Wpbakery Page Builder Project | 1 Responsive Tabs For Wpbakery Page Builder | 2024-08-02 | 5.4 Medium |
| The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2023-0370 | 1 Wpbean | 1 Wpb Advanced Faq | 2024-08-02 | 5.4 Medium |
| The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0373 | 1 Smartwp | 1 Lightweight Accordion | 2024-08-02 | 5.4 Medium |
| The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2023-0323 | 1 Pimcore | 1 Pimcore | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14. | ||||
| CVE-2023-0363 | 1 Nlb-creations | 1 Scheduled Announcements Widget | 2024-08-02 | 5.4 Medium |
| The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0357 | 1 Helpy.io | 1 Helpy | 2024-08-02 | 6.1 Medium |
| Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket. | ||||
| CVE-2023-0337 | 1 Daloradius | 1 Daloradius | 2024-08-02 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch. | ||||
| CVE-2023-0327 | 1 Theradsystem Project | 1 Theradsystem | 2024-08-02 | 3.5 Low |
| A vulnerability was found in saemorris TheRadSystem. It has been classified as problematic. Affected is an unknown function of the file users.php. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. VDB-218454 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-0312 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 6.1 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2023-0314 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2023-0322 | 1 Talentyazilim | 1 Unis | 2024-08-02 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS.This issue affects UNIS: before 28376. | ||||
| CVE-2023-0313 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2023-0301 | 1 Opencollective | 1 Alf.io | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301. | ||||
| CVE-2023-0325 | 1 Uvdesk | 1 Community-skeleton | 2024-08-02 | 6.1 Medium |
| Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket. | ||||
| CVE-2023-0306 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||