Export limit exceeded: 47241 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47241 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-42452 1 Joinmastodon 1 Mastodon 2024-11-21 6.1 Medium
Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.x branch prior to versions 4.0.10, 4.2.8, and 4.2.0-rc2, under certain conditions, attackers can abuse the translation feature to bypass the server-side HTML sanitization, allowing unescaped HTML to execute in the browser. The impact is limited thanks to Mastodon's strict Content Security Policy, blocking inline scripts, etc. However a CSP bypass or loophole could be exploited to execute malicious XSS. Furthermore, it requires user interaction, as this can only occur upon clicking the “Translate” button on a malicious post. Versions 4.0.10, 4.2.8, and 4.2.0-rc2 contain a patch for this issue.
CVE-2023-42436 1 Weseek 1 Growi 2024-11-21 5.4 Medium
Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
CVE-2023-42431 1 Hallowelt 1 Bluespice 2024-11-21 2.1 Low
Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context.
CVE-2023-42426 1 Froala 1 Froala Editor 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component.
CVE-2023-42399 1 Xdsoft 1 Joditeditor 2024-11-21 6.1 Medium
Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component.
CVE-2023-42371 1 Summernote 1 Rich Text Editor 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in Summernote Rich Text Editor v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted script to the insert link function in the editor component.
CVE-2023-42362 1 Teller 1 Teller 2024-11-21 5.4 Medium
An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file.
CVE-2023-42336 1 Netis-systems 2 Wf2409e, Wf2409e Firmware 2024-11-21 9.8 Critical
An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component.
CVE-2023-42328 1 Peppermint 1 Peppermint 2024-11-21 8.8 High
An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie.
CVE-2023-42327 1 Netgate 1 Pfsense 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page.
CVE-2023-42253 1 Vehicle Management Project 1 Vehicle Management 2024-11-21 6.1 Medium
Code-Projects Vehicle Management 1.0 is vulnerable to Cross Site Scripting (XSS) in Add Accounts via Invoice No, To, and Mammul.
CVE-2023-42029 4 Hp, Ibm, Linux and 1 more 6 Hp-ux, Aix, Cics Tx and 3 more 2024-11-21 4.8 Medium
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059.
CVE-2023-42022 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2024-11-21 5.4 Medium
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265938.
CVE-2023-42014 1 Ibm 1 Sterling B2b Integrator 2024-11-21 5.4 Medium
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265511.
CVE-2023-42009 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2024-11-21 5.4 Medium
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504.
CVE-2023-41949 1 Avirtum 1 Ifolders 2024-11-21 5.9 Medium
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Avirtum iFolders plugin <= 1.5.0 versions.
CVE-2023-41948 1 Christophrado 1 Cookie Notice \& Consent 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christoph Rado Cookie Notice & Consent plugin <= 1.6.0 versions.
CVE-2023-41944 1 Jenkins 1 Aws Codecommit Trigger 2024-11-21 6.1 Medium
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability.
CVE-2023-41940 1 Jenkins 1 Tap 2024-11-21 5.4 Medium
Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents.
CVE-2023-41931 1 Jenkins 1 Job Configuration History 2024-11-21 5.4 Medium
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability.