Export limit exceeded: 47282 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47282 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5688 | 1 Modoboa | 1 Modoboa | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2. | ||||
| CVE-2023-5653 | 1 Wassup Real Time Analytics Project | 1 Wassup Real Time Analytics | 2024-11-21 | 6.1 Medium |
| The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins | ||||
| CVE-2023-5641 | 1 Martinstools | 1 Free \& Easy Link Building | 2024-11-21 | 6.1 Medium |
| The Martins Free & Easy SEO BackLink Link Building Network WordPress plugin before 1.2.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2023-5620 | 1 Webpushr | 1 Web Push Notifications | 2024-11-21 | 5.4 Medium |
| The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks. | ||||
| CVE-2023-5609 | 1 S-sols | 1 Seraphinite Accelerator | 2024-11-21 | 6.1 Medium |
| The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2023-5605 | 1 Kaizencoders | 1 Url Shortify | 2024-11-21 | 4.8 Medium |
| The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-5599 | 1 Dassault | 2 3dswymer 3dexperience 2022, 3dswymer 3dexperience 2023 | 2024-11-21 | 5.4 Medium |
| A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code. | ||||
| CVE-2023-5598 | 1 Dassault | 2 3dswymer 3dexperience 2022, 3dswymer 3dexperience 2023 | 2024-11-21 | 5.4 Medium |
| Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code. | ||||
| CVE-2023-5585 | 1 Oretnom23 | 1 Online Motorcycle \(bike\) Rental System | 2024-11-21 | 2.4 Low |
| A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/?page=bike of the component Bike List. The manipulation of the argument Model with the input "><script>confirm (document.cookie)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242170 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-5581 | 1 Oretnom23 | 1 Medicine Tracker System | 2024-11-21 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242146 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-5564 | 1 Froxlor | 1 Froxlor | 2024-11-21 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1. | ||||
| CVE-2023-5562 | 1 Knime | 1 Knime Analytics Platform | 2024-11-21 | 6.1 Medium |
| An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub several JavaScript-based view nodes do not sanitize the data that is displayed by default. If the data to be displayed contains JavaScript this code is executed in the browser and can perform any operations that the current user is allowed to perform silently. KNIME Analytics Platform already has configuration options with which sanitization of data can be actived, see https://docs.knime.com/latest/webportal_admin_guide/index.html#html-sanitization-webportal https://docs.knime.com/latest/webportal_admin_guide/index.html#html-sanitization-webportal . However, these are off by default which allows for cross-site scripting attacks. KNIME Analytics Platform 5.2.0 will enable sanitization by default. For all previous releases we recommend users to add the corresponding settings to the executor's knime.ini. | ||||
| CVE-2023-5558 | 1 Thimpress | 1 Learnpress | 2024-11-21 | 6.1 Medium |
| The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2023-5556 | 1 Structurizr | 1 On-premises Installation | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194. | ||||
| CVE-2023-5547 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 3.3 Low |
| The course upload preview contained an XSS risk for users uploading unsafe data. | ||||
| CVE-2023-5546 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 4.3 Medium |
| ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. | ||||
| CVE-2023-5544 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. | ||||
| CVE-2023-5541 | 1 Moodle | 1 Moodle | 2024-11-21 | 3.3 Low |
| The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. | ||||
| CVE-2023-5530 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 4.8 Medium |
| The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc however the vendor acknowledged and fixed the issue | ||||
| CVE-2023-5458 | 1 Ashik | 1 Cits Support Svg\, Webp Media And Ttf\,otf File Upload | 2024-11-21 | 5.4 Medium |
| The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin before 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | ||||