Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-1318 | 1 Enhancesoft | 1 Osticket | 2023-03-12 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6. | |||||
CVE-2023-1320 | 1 Enhancesoft | 1 Osticket | 2023-03-12 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | |||||
CVE-2023-1319 | 1 Enhancesoft | 1 Osticket | 2023-03-12 | N/A | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | |||||
CVE-2023-1317 | 1 Enhancesoft | 1 Osticket | 2023-03-12 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. | |||||
CVE-2023-1316 | 1 Enhancesoft | 1 Osticket | 2023-03-12 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | |||||
CVE-2023-1315 | 1 Enhancesoft | 1 Osticket | 2023-03-12 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. | |||||
CVE-2021-30151 | 2 Contribsys, Debian | 2 Sidekiq, Debian Linux | 2023-03-12 | 4.3 MEDIUM | 6.1 MEDIUM |
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. | |||||
CVE-2023-27472 | 1 Quickentity Editor Project | 1 Quickentity Editor | 2023-03-10 | N/A | 6.1 MEDIUM |
quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised (XSS vulnerability). Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag in any entity name. This issue has been patched in version 1.28.1 of the application. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-0069 | 1 Wpaudio Mp3 Player Project | 1 Wpaudio Mp3 Player | 2023-03-10 | N/A | 5.4 MEDIUM |
The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0076 | 1 Dfactory | 1 Download Attachments | 2023-03-10 | N/A | 5.4 MEDIUM |
The Download Attachments WordPress plugin through 1.2.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0065 | 1 I2 Pros & Cons Project | 1 I2 Pros & Cons | 2023-03-10 | N/A | 5.4 MEDIUM |
The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0063 | 1 Synved | 1 Wordpress Shortcodes | 2023-03-10 | N/A | 5.4 MEDIUM |
The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-1197 | 1 Uvdesk | 1 Community-skeleton | 2023-03-10 | N/A | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0. | |||||
CVE-2023-1200 | 1 Ehuacui-bbs Project | 1 Ehuacui-bbs | 2023-03-10 | N/A | 5.4 MEDIUM |
A vulnerability was found in ehuacui bbs. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-222388. | |||||
CVE-2023-0212 | 1 Advanced Recent Posts Project | 1 Advanced Recent Posts | 2023-03-10 | N/A | 5.4 MEDIUM |
The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-1212 | 1 Phpipam | 1 Phpipam | 2023-03-10 | N/A | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2. | |||||
CVE-2023-0165 | 1 Nicdark | 1 Cost Calculator | 2023-03-10 | N/A | 5.4 MEDIUM |
The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0078 | 1 Resumebuilder | 1 Resume Builder | 2023-03-10 | N/A | 5.4 MEDIUM |
The Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users. | |||||
CVE-2022-4862 | 1 M-files | 1 M-files Server | 2023-03-10 | N/A | 7.6 HIGH |
Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3. | |||||
CVE-2022-2178 | 1 Saysis | 1 Starcities | 2023-03-10 | N/A | 6.1 MEDIUM |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saysis Computer Starcities. This issue affects Starcities: before 1.1. |