Export limit exceeded: 364527 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47241 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-42452 | 1 Joinmastodon | 1 Mastodon | 2024-11-21 | 6.1 Medium |
| Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.x branch prior to versions 4.0.10, 4.2.8, and 4.2.0-rc2, under certain conditions, attackers can abuse the translation feature to bypass the server-side HTML sanitization, allowing unescaped HTML to execute in the browser. The impact is limited thanks to Mastodon's strict Content Security Policy, blocking inline scripts, etc. However a CSP bypass or loophole could be exploited to execute malicious XSS. Furthermore, it requires user interaction, as this can only occur upon clicking the “Translate” button on a malicious post. Versions 4.0.10, 4.2.8, and 4.2.0-rc2 contain a patch for this issue. | ||||
| CVE-2023-42436 | 1 Weseek | 1 Growi | 2024-11-21 | 5.4 Medium |
| Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | ||||
| CVE-2023-42431 | 1 Hallowelt | 1 Bluespice | 2024-11-21 | 2.1 Low |
| Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context. | ||||
| CVE-2023-42426 | 1 Froala | 1 Froala Editor | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component. | ||||
| CVE-2023-42399 | 1 Xdsoft | 1 Joditeditor | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component. | ||||
| CVE-2023-42371 | 1 Summernote | 1 Rich Text Editor | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in Summernote Rich Text Editor v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted script to the insert link function in the editor component. | ||||
| CVE-2023-42362 | 1 Teller | 1 Teller | 2024-11-21 | 5.4 Medium |
| An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file. | ||||
| CVE-2023-42336 | 1 Netis-systems | 2 Wf2409e, Wf2409e Firmware | 2024-11-21 | 9.8 Critical |
| An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component. | ||||
| CVE-2023-42328 | 1 Peppermint | 1 Peppermint | 2024-11-21 | 8.8 High |
| An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie. | ||||
| CVE-2023-42327 | 1 Netgate | 1 Pfsense | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page. | ||||
| CVE-2023-42253 | 1 Vehicle Management Project | 1 Vehicle Management | 2024-11-21 | 6.1 Medium |
| Code-Projects Vehicle Management 1.0 is vulnerable to Cross Site Scripting (XSS) in Add Accounts via Invoice No, To, and Mammul. | ||||
| CVE-2023-42029 | 4 Hp, Ibm, Linux and 1 more | 6 Hp-ux, Aix, Cics Tx and 3 more | 2024-11-21 | 4.8 Medium |
| IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059. | ||||
| CVE-2023-42022 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 5.4 Medium |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265938. | ||||
| CVE-2023-42014 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 5.4 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265511. | ||||
| CVE-2023-42009 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 5.4 Medium |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504. | ||||
| CVE-2023-41949 | 1 Avirtum | 1 Ifolders | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Avirtum iFolders plugin <= 1.5.0 versions. | ||||
| CVE-2023-41948 | 1 Christophrado | 1 Cookie Notice \& Consent | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christoph Rado Cookie Notice & Consent plugin <= 1.6.0 versions. | ||||
| CVE-2023-41944 | 1 Jenkins | 1 Aws Codecommit Trigger | 2024-11-21 | 6.1 Medium |
| Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability. | ||||
| CVE-2023-41940 | 1 Jenkins | 1 Tap | 2024-11-21 | 5.4 Medium |
| Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents. | ||||
| CVE-2023-41931 | 1 Jenkins | 1 Job Configuration History | 2024-11-21 | 5.4 Medium |
| Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability. | ||||