Total
30497 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0320 | 1 University Information Management System Project | 1 University Information Management System | 2024-08-02 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Izmir Katip Celebi University UBYS allows Stored XSS.This issue affects UBYS: before 23.03.16. | ||||
| CVE-2023-0310 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2023-0300 | 1 Opencollective | 1 Alf.io | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301. | ||||
| CVE-2023-0308 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2023-0309 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2023-0289 | 1 Webcalendar Project | 1 Webcalendar | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master. | ||||
| CVE-2023-0287 | 1 Favorites-web Project | 1 Favorites-web | 2024-08-02 | 3.5 Low |
| A vulnerability was found in ityouknow favorites-web. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-218294 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-0219 | 1 Wpmanageninja | 1 Fluentsmtp | 2024-08-02 | 5.4 Medium |
| The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks (XSS) when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML. | ||||
| CVE-2023-0280 | 1 Topdigitaltrends | 1 Ultimate Carousel For Elementor | 2024-08-02 | 5.4 Medium |
| The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0174 | 1 Rextheme | 1 Wp Vr | 2024-08-02 | 5.4 Medium |
| The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0258 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2024-08-02 | 2.4 Low |
| A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Category List Handler. The manipulation of the argument Reason with the input "><script>prompt(1)</script> leads to cross site scripting. The attack may be launched remotely. VDB-218186 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-0214 | 1 Trellix | 1 Skyhigh Secure Web Gateway | 2024-08-02 | 6.1 Medium |
| A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG. | ||||
| CVE-2023-0157 | 1 Updraftplus | 1 All-in-one Security | 2024-08-02 | 4.8 Medium |
| The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any administrator visiting this page. | ||||
| CVE-2023-0151 | 1 Utubevideo Gallery Project | 1 Utubevideo Gallery | 2024-08-02 | 5.4 Medium |
| The uTubeVideo Gallery WordPress plugin before 2.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0125 | 1 Control Id Panel Project | 1 Control Id Panel | 2024-08-02 | 2.4 Low |
| A vulnerability was found in Control iD Gerencia Web 1.30. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation of the argument Nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217717 was assigned to this vulnerability. | ||||
| CVE-2023-0144 | 1 Mage-people | 1 Event Manager And Tickets Selling For Woocommerce | 2024-08-02 | 5.4 Medium |
| The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0246 | 1 Espcms | 1 Espcms | 2024-08-02 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in earclink ESPCMS P8.21120101. Affected is an unknown function of the component Content Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-218154 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-0111 | 1 Usememos | 1 Memos | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | ||||
| CVE-2023-0119 | 1 Redhat | 5 Enterprise Linux, Satellite, Satellite Capsule and 2 more | 2024-08-02 | 5.4 Medium |
| A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials. | ||||
| CVE-2023-0108 | 1 Usememos | 1 Memos | 2024-08-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | ||||