Search Results (Refine Search)
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-50369 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alma Alma – Pay in installments or later for WooCommerce allows Stored XSS.This issue affects Alma – Pay in installments or later for WooCommerce: from n/a through 5.1.3. Published: December 14, 2023; 9:15:44 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-50368 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.2. Published: December 14, 2023; 9:15:44 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-49847 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Annual Archive allows Stored XSS.This issue affects Annual Archive: from n/a through 1.6.0. Published: December 14, 2023; 9:15:44 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-49846 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through 2.1.17. Published: December 14, 2023; 9:15:44 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-49836 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brontobytes Cookie Bar allows Stored XSS.This issue affects Cookie Bar: from n/a through 2.0. Published: December 14, 2023; 9:15:43 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-50371 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows Stored XSS.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 8.0.6. Published: December 14, 2023; 8:15:54 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-40659 |
A reflected XSS vulnerability was discovered in the Easy Quick Contact module for Joomla. Published: December 14, 2023; 4:15:41 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-40658 |
A reflected XSS vulnerability was discovered in the Clicky Analytics Dashboard module for Joomla. Published: December 14, 2023; 4:15:41 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-40657 |
A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla. Published: December 14, 2023; 4:15:41 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-40656 |
A reflected XSS vulnerability was discovered in the Quickform component for Joomla. Published: December 14, 2023; 4:15:41 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-40655 |
A reflected XSS vulnerability was discovered in the Proforms Basic component for Joomla. Published: December 14, 2023; 4:15:41 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-40628 |
A reflected XSS vulnerability was discovered in the Extplorer component for Joomla. Published: December 14, 2023; 4:15:41 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-40627 |
A reflected XSS vulnerability was discovered in the LivingWord component for Joomla. Published: December 14, 2023; 4:15:41 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-6720 |
An XSS vulnerability stored in Repox has been identified, which allows a local attacker to store a specially crafted JavaScript payload on the server, due to the lack of proper sanitisation of field elements, allowing the attacker to trigger the malicious payload when the application loads. Published: December 13, 2023; 5:15:11 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-6719 |
An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session. Published: December 13, 2023; 5:15:11 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-47575 |
An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. The web interfaces of the Relyum devices are susceptible to reflected XSS. Published: December 12, 2023; 9:15:07 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-28604 |
The fluid_components (aka Fluid Components) extension before 3.5.0 for TYPO3 allows XSS via a component argument parameter, for certain {content} use cases that may be edge cases. Published: December 12, 2023; 12:15:07 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-42478 |
SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application. Published: December 11, 2023; 8:15:10 PM -0500 |
V4.0:(not available) V3.1: 7.6 HIGH V2.0:(not available) |
CVE-2022-48614 |
Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS. Published: December 10, 2023; 2:15:07 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-28873 |
An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor. Published: December 09, 2023; 2:15:07 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |