Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-1572 | | | 2023-03-22 | N/A | N/A |
A vulnerability has been found in DataGear up to 1.11.1 and classified as problematic. This vulnerability affects unknown code of the component Plugin Handler. The manipulation leads to cross site scripting. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.12.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223564. | |||||
CVE-2023-1567 | | | 2023-03-22 | N/A | N/A |
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/assign/assign.php. The manipulation of the argument sid leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223559. | |||||
CVE-2023-1565 | | | 2023-03-22 | N/A | N/A |
A vulnerability was found in FeiFeiCMS 2.7.130201. It has been classified as problematic. This affects an unknown part of the file \Public\system\slide_add.html of the component Extension Tool. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223557 was assigned to this vulnerability. | |||||
CVE-2023-1568 | | | 2023-03-22 | N/A | N/A |
A vulnerability classified as problematic has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file /admin/reports/index.php of the component GET Parameter Handler. The manipulation of the argument date_to leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223560. | |||||
CVE-2023-1447 | | | 2023-03-22 | N/A | N/A |
A vulnerability, which was classified as problematic, has been found in SourceCodester Medicine Tracker System 1.0. Affected by this issue is some unknown functionality of the file app/?page=medicines/manage_medicine. The manipulation of the argument name/description with the input <script>alert('2')</script> leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-223292. | |||||
CVE-2023-27130 | 1 Typecho | 1 Typecho | 2023-03-21 | N/A | 4.8 MEDIUM |
Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via an arbitrarily supplied URL parameter. | |||||
CVE-2021-36821 | 1 Incsub | 1 Forminator | 2023-03-21 | N/A | 6.1 MEDIUM |
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in WPMU DEV Forminator – Contact Form, Payment Form & Custom Form Builder plugin <= 1.14.11 versions. | |||||
CVE-2020-19947 | 1 Markdown Edit Project | 1 Markdown Edit | 2023-03-21 | N/A | 9.6 CRITICAL |
Cross Site Scripting vulnerability found in Markdown Edit allows a remote attacker to execute arbitrary code via the edit parameter of the webpage. | |||||
CVE-2022-41554 | 1 Slideshow Se Project | 1 Slideshow Se | 2023-03-21 | N/A | 5.4 MEDIUM |
Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow SE plugin <= 2.5.5 versions. | |||||
CVE-2022-40699 | 1 Yasr - Yet Another Stars Rating Project | 1 Yasr - Yet Another Stars Rating | 2023-03-21 | N/A | 6.1 MEDIUM |
Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr – Yet Another Stars Rating plugin <= 3.1.2 versions. | |||||
CVE-2023-26951 | 1 Onekeyadmin | 1 Onekeyadmin | 2023-03-21 | N/A | 5.4 MEDIUM |
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module. | |||||
CVE-2023-24879 | 1 Microsoft | 1 Dynamics 365 | 2023-03-21 | N/A | 5.4 MEDIUM |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
CVE-2023-1421 | 1 Mattermost | 1 Mattermost Server | 2023-03-21 | N/A | 6.1 MEDIUM |
A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter. | |||||
CVE-2023-27070 | 1 Totaljs | 1 Openplatform | 2023-03-21 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field. | |||||
CVE-2022-41831 | | | 2023-03-21 | N/A | N/A |
Auth. (contributor+) Cross-Site Scripting vulnerability in TCBarrett WP Glossary plugin <= 3.1.2 versions. | |||||
CVE-2023-1527 | | | 2023-03-21 | N/A | N/A |
Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to 8.0. | |||||
CVE-2023-0273 | | | 2023-03-21 | N/A | N/A |
The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-42485 | | | 2023-03-21 | N/A | N/A |
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Galaxy Weblinks Gallery with thumbnail slider plugin <= 6.0 versions. | |||||
CVE-2016-15029 | | | 2023-03-21 | N/A | N/A |
A vulnerability has been found in Ydalb mapicoin up to 1.9.0 and classified as problematic. This vulnerability affects unknown code of the file webroot/stats.php. The manipulation of the argument link/search leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.10.0 is able to address this issue. The name of the patch is 67e87f0f0c1ac238fcd050f4c3db298229bc9679. It is recommended to upgrade the affected component. VDB-223402 is the identifier assigned to this vulnerability. | |||||
CVE-2023-0175 | | | 2023-03-21 | N/A | N/A |
The Responsive Clients Logo Gallery Plugin for WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. |