Search Results
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-52083 | Winter is a free, open-source content management system. Prior to 1.2.4, users with the `media.manage_media` permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack. This issue has been patched in v1.2.4. Published: December 28, 2023; 6:15:43 PM -0500 | V3.1: 4.8 MEDIUM; V2.0: (not available) |
CVE-2023-50860 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TMS Booking for Appointments and Events Calendar – Amelia allows Stored XSS. This issue affects Booking for Appointments and Events Calendar – Amelia: from n/a through 1.0.85. Published: December 28, 2023; 6:15:10 AM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2023-50859 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding allows Stored XSS. This issue affects WP Crowdfunding: from n/a through 2.1.6. Published: December 28, 2023; 6:15:10 AM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2023-50836 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.3.28. Published: December 28, 2023; 6:15:09 AM -0500 | V3.1: 4.8 MEDIUM; V2.0: (not available) |
CVE-2023-51501 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS. This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n/a through 2.8.6. Published: December 28, 2023; 5:15:09 AM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-50874 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll – Ajax Load More allows Stored XSS. This issue affects WordPress Infinite Scroll – Ajax Load More: from n/a through 6.1.0.1. Published: December 28, 2023; 5:15:08 AM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2023-4672 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software ECOP allows Reflected XSS. This issue affects ECOP: before 32255. Published: December 28, 2023; 5:15:08 AM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-47215 | Stored cross-site scripting vulnerability which is exploiting a behavior of the XSS Filter exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. Published: December 26, 2023; 3:15:10 AM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2023-31297 | An issue was discovered in SESAMI planfocus CPTO (Cash Point & Transport Optimizer) 6.3.8.6 718. There is XSS via the Name field when modifying a client. Published: December 25, 2023; 2:15:08 AM -0500 | V3.1: 4.8 MEDIUM; V2.0: (not available) |
CVE-2023-37225 | Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links. Published: December 25, 2023; 1:15:08 AM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2022-43675 | An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all parameters. Published: December 25, 2023; 1:15:08 AM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2022-41762 | An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl. Published: December 25, 2023; 1:15:08 AM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-50727 | Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with `/"><svg%20onload=alert(domain)>`. This issue has been patched in version 2.6.0. Published: December 22, 2023; 4:15:07 PM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-50725 | Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: `/failed/?class=<script>alert(document.cookie)</script>` and `/queues/><img src=a onerror=alert(document.cookie)>`. This issue has been patched in version 2.2.1. Published: December 22, 2023; 3:15:07 PM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-50250 | Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php`. When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available. Published: December 22, 2023; 12:15:09 PM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-51704 | An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights. Published: December 21, 2023; 9:15:42 PM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-49086 | Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Bypassing an earlier fix (CVE-2023-39360) that leads to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `graphs_new.php`. Impact of the vulnerability - execution of arbitrary javascript code in the attacked user's browser. This issue has been patched in version 1.2.26. Published: December 21, 2023; 7:15:34 PM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2023-37520 | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay. Published: December 21, 2023; 6:15:08 PM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-37519 | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server. Published: December 21, 2023; 5:15:13 PM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2023-50834 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech WooCommerce Menu Extension allows Stored XSS. This issue affects WooCommerce Menu Extension: from n/a through 1.6.2. Published: December 21, 2023; 2:15:12 PM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |