Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-1080 | 1 Gnpublisher | 1 Gn Publisher | 2023-03-08 | N/A | 6.1 MEDIUM |
The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
CVE-2022-45137 | 1 Wago | 14 751-9301, 751-9301 Firmware, 752-8303\/8000-002 and 11 more | 2023-03-08 | N/A | 6.1 MEDIUM |
The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that target the user's browser. This leads to a limited impact on confidentiality and integrity but no impact on availability. | |||||
CVE-2019-1949 | 1 Cisco | 1 Firepower Management Center | 2023-03-07 | 3.5 LOW | 4.8 MEDIUM |
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
CVE-2022-39348 | 2 Debian, Twistedmatrix | 2 Debian Linux, Twisted | 2023-03-07 | N/A | 5.4 MEDIUM |
Twisted is an event-based framework for internet applications. Starting with version 0.9.4, when the Host header does not match a configured host, `twisted.web.vhost.NameVirtualHost` returns a `NoResource` resource that renders the Host header unescaped into the 404 response, allowing HTML and script injection. In practice this should be very difficult to exploit, as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds. | |||||
CVE-2023-25807 | 1 Dataease | 1 Dataease | 2023-03-07 | N/A | 5.4 MEDIUM |
DataEase is an open source data visualization and analysis tool. When a dashboard is saved on the DataEase platform, the saved data can be modified to store malicious code. That code, stored on the server side by the attacker, then executes in the browser of any user who accesses the dashboard (stored cross-site scripting). The vulnerability has been fixed in version 1.18.3. | |||||
CVE-2022-0350 | 1 B3log | 1 Vditor | 2023-03-07 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13. | |||||
CVE-2022-1290 | 1 Trudesk Project | 1 Trudesk | 2023-03-07 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. | |||||
CVE-2023-0868 | 1 Opennms | 2 Horizon, Meridian | 2023-03-07 | N/A | 6.1 MEDIUM |
Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | |||||
CVE-2019-25105 | 1 Dro.pm Project | 1 Dro.pm | 2023-03-07 | N/A | 6.1 MEDIUM |
A vulnerability, which was classified as problematic, was found in dro.pm. This affects an unknown part of the file web/fileman.php. Manipulation of the argument secret/key leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning, which is why information about affected and unaffected releases is unavailable. The name of the patch is fa73c3a42bc5c246a1b8f815699ea241aef154bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221763. | |||||
CVE-2023-26091 | 1 Frappant | 1 Forms Export | 2023-03-07 | N/A | 6.1 MEDIUM |
The frp_form_answers (aka Forms Export) extension before 3.1.2, and 4.x before 4.0.2, for TYPO3 allows XSS via saved emails. | |||||
CVE-2007-5000 | 6 Apache, Canonical, Fedoraproject and 3 more | 7 Http Server, Ubuntu Linux, Fedora and 4 more | 2023-03-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2023-26042 | 1 Part-db Project | 1 Part-db | 2023-03-07 | N/A | 6.1 MEDIUM |
Part-DB is an open source inventory management system for your electronic components. User input was found not to be properly escaped, which allowed malicious users to inject arbitrary HTML into the pages. The Content-Security-Policy forbids inline and external scripts, so it is not possible to execute JavaScript code unless in combination with other vulnerabilities. There are no workarounds; please upgrade to Part-DB 1.0.2 or later. | |||||
CVE-2023-25825 | 1 Zoneminder | 1 Zoneminder | 2023-03-07 | N/A | 6.1 MEDIUM |
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This is unescaped when viewing the logs in the web ui. This issue is patched in version 1.36.33. | |||||
CVE-2021-32302 | 1 Irz | 2 Ruh2, Ruh2 Firmware | 2023-03-07 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in the IRZ Electronics RUH2 GSM router allows an attacker to obtain sensitive information via the Upload File parameter. | |||||
CVE-2023-22860 | 1 Ibm | 1 Cloud Pak For Business Automation | 2023-03-06 | N/A | 5.4 MEDIUM |
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100. | |||||
CVE-2022-3506 | 1 Never5 | 1 Related Posts | 2023-03-06 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3. | |||||
CVE-2023-25431 | 1 Online Reviewer Management System Project | 1 Online Reviewer Management System | 2023-03-06 | N/A | 4.8 MEDIUM |
An issue was discovered in Online Reviewer Management System v1.0. There is a XSS vulnerability via reviewer_0/admins/assessments/course/course-update.php. | |||||
CVE-2023-1103 | 1 Flatpress | 1 Flatpress | 2023-03-06 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
CVE-2023-1104 | 1 Flatpress | 1 Flatpress | 2023-03-06 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
CVE-2021-33387 | 1 1234n | 1 Minicms | 2023-03-06 | N/A | 9.6 CRITICAL |
Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows an attacker to execute arbitrary code via a crafted GET request. |
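Three entries above share one root cause: a value the attacker controls is written into an HTML response without output escaping. CVE-2022-39348 puts the unmatched Host header into a 404 body, CVE-2023-1080 reflects the `tab` query parameter, and CVE-2023-25825 shows a stored Referer value in a log view. The Python example below is added here and is not code from Twisted, GN Publisher or ZoneMinder; the page markup, the renderer names and the three sample inputs are constructed for illustration. It keeps one deliberately unescaped renderer beside escaped forms for a text context, an attribute context and a stored value read back at output time.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample inputs, not captured traffic. Each one puts attacker
# controlled text where the advisories above say it ends up: the Host header
# (CVE-2022-39348), the "tab" query parameter (CVE-2023-1080) and a Referer
# header that is later shown in a log row (CVE-2023-25825).
HOST = "evil.example<script>alert(1)</script>"
PATH = "/admin?tab=%22%3E%3Cimg+src%3Dx+onerror%3Dalert(1)%3E"
REFERER = 'http://x/"><svg onload=alert(1)>'


def render_404_vulnerable(host: str) -> str:
    """The pattern behind the Twisted issue: the unmatched Host value is
    interpolated straight into the 404 body. Kept deliberately unescaped."""
    return (
        "<html><body><h1>No Such Resource</h1>"
        f"<p>host {host} not in vhost config</p></body></html>"
    )


def render_404_fixed(host: str) -> str:
    """Same page, with the untrusted value escaped for an HTML text context."""
    return (
        "<html><body><h1>No Such Resource</h1>"
        f"<p>host {html.escape(host)} not in vhost config</p></body></html>"
    )


def get_tab(path: str) -> str:
    """Extract the 'tab' query parameter the way a framework would: percent
    decoded, '+' turned into a space, first value wins."""
    return parse_qs(urlsplit(path).query).get("tab", [""])[0]


def render_tab_link(tab: str) -> str:
    """Reflect a query parameter into both an attribute and a text context.
    quote=True (the default) also encodes ' and ", which is what stops the
    "><img ...> attribute break-out; escaping only < and > would not."""
    safe = html.escape(tab, quote=True)
    return f'<a class="nav-tab" href="?tab={safe}">{safe}</a>'


def render_log_row(referer: str) -> str:
    """Stored data is still untrusted when it is read back: escape at output
    time, regardless of what was done when the log row was written."""
    return f"<tr><td>{html.escape(referer)}</td></tr>"


def markup_survives(raw: str, rendered: str) -> bool:
    """True if a tag from the input reaches the response as live markup."""
    return raw in rendered


def reflection_report() -> dict:
    """Run all four renderers on the sample inputs and report which ones let
    attacker markup through. Only the deliberately vulnerable one should."""
    tab = get_tab(PATH)
    return {
        "404_vulnerable": markup_survives("<script>", render_404_vulnerable(HOST)),
        "404_fixed": markup_survives("<script>", render_404_fixed(HOST)),
        "tab_link": markup_survives('"><img', render_tab_link(tab)),
        "log_row": markup_survives("<svg", render_log_row(REFERER)),
    }


if __name__ == "__main__":
    for context, leaked in reflection_report().items():
        print(f"{context:15s} {'LEAKS' if leaked else 'escaped'}")
```

The substring check in `markup_survives` is only a smoke test for this demonstration; the property that matters is that escaping is applied at the point of output for the specific context (text, attribute, URL, JavaScript), and `html.escape` covers only the first two.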
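The Part-DB entry (CVE-2023-26042) is rated as HTML injection rather than script execution only because the application's Content-Security-Policy forbids inline and external scripts. Whether a given policy really does that is a question worth automating, since a single `'unsafe-inline'`, a scheme source such as `https:`, or a missing `script-src` undoes the protection. The Python checker below is added here and is not taken from Part-DB; the sample policies, the function names and the verdict keys are constructed for this example. It parses a CSP header, resolves the directive that governs scripts, and reports whether plain HTML injection could still run script under it.

```python
from typing import Dict, List, Optional

# Constructed sample policies (not taken from Part-DB or any other project),
# covering the shapes that matter for "can injected HTML run script?".
POLICIES = {
    "strict":   "default-src 'self'; script-src 'none'; object-src 'none'; base-uri 'none'",
    "nonce":    "default-src 'self'; script-src 'nonce-r4nd0m' 'strict-dynamic' 'unsafe-inline' https:",
    "weak":     "default-src *; script-src 'self' 'unsafe-inline' https://cdn.example",
    "fallback": "default-src 'self' https:",
    "missing":  "img-src 'self'",
}

WILDCARD_SOURCES = {"*", "http:", "https:", "data:", "blob:"}
NONCE_HASH_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source expressions]}. Browsers
    honour only the first occurrence of a directive, so later ones are dropped."""
    directives: Dict[str, List[str]] = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if tokens and tokens[0].lower() not in directives:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def effective_script_sources(directives: Dict[str, List[str]]) -> Optional[List[str]]:
    """script-src governs scripts; when it is absent default-src applies; when
    both are absent there is no restriction at all (None)."""
    if "script-src" in directives:
        return directives["script-src"]
    return directives.get("default-src")


def assess_script_policy(header: str) -> Dict[str, object]:
    """Given only HTML injection, does this policy stop script execution?
    Reports whether inline script can run, whether remote script can load from
    an attacker-chosen origin, which specific hosts are allowlisted (a JSONP or
    framework gadget there would still work), and the reasoning as text."""
    sources = effective_script_sources(parse_csp(header))
    notes: List[str] = []
    if sources is None:
        return {"inline": True, "remote_any_origin": True, "allowlisted_hosts": [],
                "notes": ["no script-src or default-src: scripts are unrestricted"]}
    src = [s.lower() for s in sources]
    if src == ["'none'"]:
        return {"inline": False, "remote_any_origin": False, "allowlisted_hosts": [],
                "notes": ["script-src 'none': no script executes"]}
    has_nonce_or_hash = any(s.startswith(NONCE_HASH_PREFIXES) for s in src)
    strict_dynamic = "'strict-dynamic'" in src
    # CSP2+ browsers ignore 'unsafe-inline' once a nonce or hash is present,
    # so its presence alone does not mean an injected inline script runs.
    inline = "'unsafe-inline'" in src and not has_nonce_or_hash
    if inline:
        notes.append("'unsafe-inline' with no nonce/hash: injected <script> runs")
    elif "'unsafe-inline'" in src:
        notes.append("'unsafe-inline' ignored because a nonce/hash is present")
    remote_any = False
    hosts: List[str] = []
    if strict_dynamic:
        # 'strict-dynamic' makes browsers ignore host and scheme allowlists;
        # trust flows only from nonce/hash-marked scripts and what they load.
        notes.append("'strict-dynamic': host/scheme sources ignored")
    else:
        for s in src:
            if s in WILDCARD_SOURCES or s.startswith("*."):
                remote_any = True
                notes.append(f"{s} allows <script src=> from attacker-chosen origins")
            elif not s.startswith("'"):
                hosts.append(s)
    if hosts:
        notes.append("allowlisted hosts need a gadget review: " + ", ".join(hosts))
    return {"inline": inline, "remote_any_origin": remote_any,
            "allowlisted_hosts": hosts, "notes": notes}


def script_blocked(header: str) -> bool:
    """Convenience verdict: True when neither inline nor arbitrary remote
    script is possible from plain HTML injection."""
    result = assess_script_policy(header)
    return not result["inline"] and not result["remote_any_origin"]


if __name__ == "__main__":
    for name, policy in POLICIES.items():
        verdict = assess_script_policy(policy)
        print(f"{name:9s} blocked={script_blocked(policy)} {verdict['notes']}")
```

A `True` from `script_blocked` still leaves the injection exploitable for what the advisory hints at with "in combination with other vulnerabilities": injected forms, links and dangling-markup can phish credentials or exfiltrate page content without any script, so the policy is a mitigation for the rating, not a substitute for the escaping fix in 1.0.2.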