Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-1146 | 1 Flatpress | 1 Flatpress | 2023-03-03 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
CVE-2023-1147 | 1 Flatpress | 1 Flatpress | 2023-03-03 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
CVE-2023-1107 | 1 Flatpress | 1 Flatpress | 2023-03-03 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
CVE-2023-1148 | 1 Flatpress | 1 Flatpress | 2023-03-03 | N/A | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
CVE-2020-18693 | 1 Mineweb | 1 Minewebcms | 2023-03-03 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attackers to execute arbitrary code by injecting malicious code into the 'Title' field of the component '/admin/news'. | |||||
CVE-2019-15108 | 1 Wso2 | 1 Api Manager | 2023-03-03 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component. | |||||
CVE-2022-46785 | 1 Squaredup | 1 Dashboard Server | 2023-03-03 | N/A | 6.1 MEDIUM |
SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 1 of 2). | |||||
CVE-2022-4795 | 1 Galleries By Angie Makes Project | 1 Galleries By Angie Makes | 2023-03-03 | N/A | 5.4 MEDIUM |
The Galleries by Angie Makes WordPress plugin through 1.67 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4788 | 1 Embed Pdf Project | 1 Embed Pdf | 2023-03-03 | N/A | 5.4 MEDIUM |
The Embed PDF WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4757 | 1 List Pages Shortcode Project | 1 List Pages Shortcode | 2023-03-03 | N/A | 5.4 MEDIUM |
The List Pages Shortcode WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4679 | 1 Wufoo | 1 Shortcode | 2023-03-03 | N/A | 5.4 MEDIUM |
The Wufoo Shortcode WordPress plugin before 1.52 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-1036 | 1 Dental Clinic Appointment Reservation System Project | 1 Dental Clinic Appointment Reservation System | 2023-03-03 | N/A | 6.1 MEDIUM |
A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /APR/signup.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221794 is the identifier assigned to this vulnerability. | |||||
CVE-2019-10376 | 1 Jenkins | 1 Wall Display | 2023-03-03 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin. | |||||
CVE-2023-1030 | 1 Online Boat Reservation System Project | 1 Online Boat Reservation System | 2023-03-03 | N/A | 6.1 MEDIUM |
A vulnerability has been found in SourceCodester Online Boat Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221755. | |||||
CVE-2023-0869 | 1 Opennms | 2 Horizon, Meridian | 2023-03-03 | N/A | 6.1 MEDIUM |
Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | |||||
CVE-2022-29273 | 1 Netgate | 1 Pfsense | 2023-03-03 | N/A | 6.1 MEDIUM |
pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters. | |||||
CVE-2019-10373 | 1 Jenkins | 1 Build Pipeline | 2023-03-03 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting vulnerability in Jenkins Build Pipeline Plugin 1.5.8 and earlier allows attackers able to edit the build pipeline description to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. | |||||
CVE-2023-0044 | 2 Quarkus, Redhat | 2 Quarkus, Build Of Quarkus | 2023-03-03 | N/A | 6.1 MEDIUM |
If the Quarkus Form Authentication session cookie Path attribute is set to `/`, then a cross-site attack may be initiated which might lead to information disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature. | |||||
CVE-2022-46786 | 1 Squaredup | 1 Dashboard Server | 2023-03-03 | N/A | 5.4 MEDIUM |
SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 2 of 2). | |||||
CVE-2022-48343 | 1 Jetbrains | 1 Teamcity | 2023-03-03 | N/A | 6.1 MEDIUM |
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process. |