Search Results
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-5880 | When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode the web server's “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side JavaScript and/or HTML. This allows the attacker to inject malicious code with client side JavaScript and/or HTML into the users' web browser. Published: January 03, 2024; 3:15:21 PM -0500 | V3.1: 8.8 HIGH V2.0: (not available) |
CVE-2023-6000 | The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. Published: January 01, 2024; 10:15:43 AM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2024-21732 | FlyCms through abbaa5a allows XSS via the permission management feature. Published: January 01, 2024; 3:15:36 AM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2021-46900 | Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism. Published: December 31, 2023; 12:15:08 AM -0500 | V3.1: 7.5 HIGH V2.0: (not available) |
CVE-2023-52269 | MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators. Published: December 30, 2023; 8:15:07 PM -0500 | V3.1: 4.8 MEDIUM V2.0: (not available) |
CVE-2023-52265 | IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data. Published: December 30, 2023; 6:15:42 PM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-52264 | The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled. Published: December 30, 2023; 6:15:42 PM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2023-52257 | LogoBee 0.2 allows updates.php?id= XSS. Published: December 30, 2023; 3:15:07 AM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2023-52240 | The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server (Kantega SSO Enterprise), and Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server (Kantega SSO Enterprise). (Here, FeCru refers to the Atlassian Fisheye and Crucible products running together.) Published: December 29, 2023; 5:15:37 PM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2023-50893 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution Impreza – WordPress Website and WooCommerce Builder allows Reflected XSS. This issue affects Impreza – WordPress Website and WooCommerce Builder: from n/a through 8.17.4. Published: December 29, 2023; 7:15:45 AM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2023-50892 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS. This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9.1. Published: December 29, 2023; 7:15:45 AM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2023-50891 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS. This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1. Published: December 29, 2023; 7:15:45 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-50889 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS. This issue affects Beaver Builder – WordPress Page Builder: from n/a through 2.7.2. Published: December 29, 2023; 7:15:45 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-50881 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS. This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.15. Published: December 29, 2023; 7:15:44 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-50880 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS. This issue affects BuddyPress: from n/a through 11.3.1. Published: December 29, 2023; 7:15:44 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-50879 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS. This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784. Published: December 29, 2023; 7:15:44 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-41814 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This issue affects Pandora FMS: from 700 through 774. Published: December 29, 2023; 7:15:43 AM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2023-51541 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Stored XSS. This issue affects Stock Ticker: from n/a through 3.23.4. Published: December 29, 2023; 6:15:11 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-51399 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Back Button Widget allows Stored XSS. This issue affects Back Button Widget: from n/a through 1.6.3. Published: December 29, 2023; 6:15:10 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-51397 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS. This issue affects WP Remote Site Search: from n/a through 1.0.4. Published: December 29, 2023; 6:15:10 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |