Total
43084 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-53916 | 1 Zenphoto | 1 Zenphoto | 2026-04-07 | 4.6 Medium |
| Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser context. | ||||
| CVE-2023-53915 | 1 Zenphoto | 1 Zenphoto | 2026-04-07 | 4.6 Medium |
| Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field that execute when users view the album page. | ||||
| CVE-2023-53911 | 1 Textpattern | 1 Textpattern | 2026-04-07 | 5.4 Medium |
| Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when the article is viewed by other users. | ||||
| CVE-2023-53910 | 1 Wbce | 1 Wbce Cms | 2026-04-07 | 5.4 Medium |
| WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script content in the content parameter to execute JavaScript when users view the affected page. | ||||
| CVE-2023-53909 | 1 Wbce | 1 Wbce Cms | 2026-04-07 | 5.4 Medium |
| WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the /wbce/modules/elfinder/ef/php/connector.wbce.php endpoint and execute JavaScript when victims access the uploaded file. | ||||
| CVE-2023-53906 | 1 Projectsend | 1 Projectsend | 2026-04-07 | 4.8 Medium |
| projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets section that will execute when other users load the affected page, enabling persistent script injection. | ||||
| CVE-2023-53904 | 1 Xenforo | 1 Xenforo | 2026-04-07 | 4.6 Medium |
| Xenforo 2.2.13 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the smilie category title parameter. Attackers can create a smilie category with a malicious script that will execute when the admin panel is loaded, potentially enabling further client-side attacks. | ||||
| CVE-2023-53903 | 1 Websitebaker | 1 Websitebaker | 2026-04-07 | 5.4 Medium |
| WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting attacks. | ||||
| CVE-2023-53900 | 1 Spip | 1 Spip | 2026-04-07 | 8.8 High |
| Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering. | ||||
| CVE-2023-53898 | 1 Rukovoditel | 1 Rukovoditel | 2026-04-07 | 5.4 Medium |
| Rukovoditel 3.4.1 contains a stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert iframe and script payloads in application copyright text to execute arbitrary JavaScript in victim browsers. | ||||
| CVE-2023-53897 | 1 Rukovoditel | 1 Rukovoditel | 2026-04-07 | 5.4 Medium |
| Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim browsers. | ||||
| CVE-2023-53891 | 1 Blackcat-cms | 1 Blackcat Cms | 2026-04-07 | 5.4 Medium |
| Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised page. | ||||
| CVE-2023-53890 | 2 Grabaperch, Perch | 2 Perch, Perch Cms | 2026-04-07 | 5.4 Medium |
| Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performing client-side attacks. | ||||
| CVE-2023-53887 | 2 Zomp, Zomplog | 2 Zomplog, Zomplog | 2026-04-07 | 5.4 Medium |
| Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser. | ||||
| CVE-2023-53884 | 1 Webedition | 1 Webedition Cms | 2026-04-07 | 5.4 Medium |
| Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is viewed by other users. | ||||
| CVE-2023-53882 | 2026-04-07 | N/A | ||
| JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL parameter that allows attackers to inject malicious scripts. Attackers can craft malicious links with XSS payloads to steal session tokens or execute arbitrary JavaScript in victims' browsers. | ||||
| CVE-2023-53880 | 1 Lucee | 1 Lucee Server | 2026-04-07 | N/A |
| Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScript in victim's browser sessions. | ||||
| CVE-2023-53870 | 1 Jorani | 2 Jorani, Leave Management System | 2026-04-07 | N/A |
| Jorani 1.0.3 contains a reflected cross-site scripting vulnerability in the language parameter that allows attackers to inject malicious scripts. Attackers can craft XSS payloads in the language parameter to execute arbitrary JavaScript and potentially steal user session information. | ||||
| CVE-2023-53735 | 1 Webigniter | 1 Webigniter | 2026-04-07 | N/A |
| WEBIGniter 28.7.23 contains a cross-site scripting vulnerability in the user creation process that allows unauthenticated attackers to execute malicious JavaScript code, enabling potential XSS attacks. | ||||
| CVE-2022-50937 | 1 Ametys | 1 Ametys | 2026-04-07 | 6.1 Medium |
| Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modules. | ||||