Search Results (46898 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-48300 | 1 Epiph | 1 Embed Privacy | 2024-11-21 | 6.3 Medium |
| The `Embed Privacy` plugin for WordPress that prevents the loading of embedded external content is vulnerable to Stored Cross-Site Scripting via `embed_privacy_opt_out` shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Version 1.8.1 contains a patch for this issue. | ||||
| CVE-2023-48295 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.3 Medium |
| LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit `faf66035ea` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-48219 | 1 Tiny | 1 Tinymce | 2024-11-21 | 6.1 Medium |
| TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character reserved as an internal marker, they can be combined with other HTML patterns to form malicious snippets. These snippets pass the initial sanitisation layer when the content is parsed into the editor body, but can trigger XSS when the special internal marker is removed from the content and re-parsed. This vulnerability has been patched in TinyMCE versions 6.7.3 and 5.10.9. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-48206 | 1 Mayurik | 1 Courier Management System | 2024-11-21 | 6.1 Medium |
| A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php. | ||||
| CVE-2023-48172 | 1 Phpjabbers | 1 Shuttle Booking Software | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php. | ||||
| CVE-2023-48116 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 5.4 Medium |
| SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment. | ||||
| CVE-2023-48115 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 5.4 Medium |
| SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request. | ||||
| CVE-2023-48114 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 5.4 Medium |
| SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name. | ||||
| CVE-2023-48094 | 1 Cesium | 1 Cesiumjs | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /container_files/public_html/doc/index.html. NOTE: the vendor’s position is that Apps/Sandcastle/standalone.html is part of the CesiumGS/cesium GitHub repository, but is demo code that is not part of the CesiumJS JavaScript library product. | ||||
| CVE-2023-48088 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | 5.4 Medium |
| xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage. | ||||
| CVE-2023-48068 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php. | ||||
| CVE-2023-48055 | 1 Superagi | 1 Superagi | 2024-11-21 | 7.5 High |
| SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications. | ||||
| CVE-2023-48053 | 1 Archerydms | 1 Archery | 2024-11-21 | 7.5 High |
| Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications. | ||||
| CVE-2023-48042 | 1 Communitydeveloper | 1 Amazzing Filter | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code. | ||||
| CVE-2023-47839 | 1 Implecode | 1 Ecommerce Product Catalog | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.26 versions. | ||||
| CVE-2023-47835 | 1 Ari-soft | 1 Ari Stream Quiz | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder plugin <= 1.2.32 versions. | ||||
| CVE-2023-47834 | 1 Quizandsurveymaster | 1 Quiz And Survey Master | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master plugin <= 8.1.13 versions. | ||||
| CVE-2023-47833 | 1 Slimndap | 1 Theater For Wordpress | 2024-11-21 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress plugin <= 0.18.3 versions. | ||||
| CVE-2023-47831 | 1 Assortedchips | 1 Drawit | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in assorted[chips] DrawIt (draw.Io) plugin <= 1.1.3 versions. | ||||
| CVE-2023-47829 | 1 Codez | 1 Quick Call Button | 2024-11-21 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codez Quick Call Button plugin <= 1.2.9 versions. | ||||