Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-6433 |
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/suppliers_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. Published: November 30, 2023; 9:15:21 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-6432 |
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. Published: November 30, 2023; 9:15:21 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-6431 |
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/categories_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. Published: November 30, 2023; 9:15:21 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-6430 |
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/transactions_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. Published: November 30, 2023; 9:15:21 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-6429 |
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/clients_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. Published: November 30, 2023; 9:15:21 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-6428 |
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. Published: November 30, 2023; 9:15:20 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-6427 |
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoices_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. Published: November 30, 2023; 9:15:20 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-6426 |
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoices_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. Published: November 30, 2023; 9:15:20 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-6425 |
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medical_records_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. Published: November 30, 2023; 9:15:20 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-6424 |
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/disease_symptoms_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. Published: November 30, 2023; 9:15:20 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-6423 |
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/events_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. Published: November 30, 2023; 9:15:19 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-6422 |
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/patients_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. Published: November 30, 2023; 9:15:19 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-6420 |
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an authenticated user. Published: November 30, 2023; 9:15:19 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-6419 |
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via editprofile.php in multiple parameters, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an authenticated user. Published: November 30, 2023; 9:15:19 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-6027 |
A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled entries in the "/pmcadmin/configure.php" parameter. Published: November 30, 2023; 9:15:14 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-41128 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iqonic Design WP Roadmap – Product Feedback Board allows Stored XSS.This issue affects WP Roadmap – Product Feedback Board: from n/a through 1.0.8. Published: November 30, 2023; 8:15:08 AM -0500 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2023-41127 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Evergreen Content Poster Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media allows Stored XSS.This issue affects Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media: from n/a through 1.3.6.1. Published: November 30, 2023; 8:15:08 AM -0500 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2023-40680 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS.This issue affects Yoast SEO: from n/a through 21.0. Published: November 30, 2023; 8:15:07 AM -0500 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2023-40674 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lasso Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management allows Stored XSS.This issue affects Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management: from n/a through 118. Published: November 30, 2023; 8:15:07 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-38474 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Campaign Monitor Campaign Monitor for WordPress allows Reflected XSS.This issue affects Campaign Monitor for WordPress: from n/a through 2.8.12. Published: November 30, 2023; 8:15:07 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |