Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22376 | 1 Planex | 2 Cs-wmv02g, Cs-wmv02g Firmware | 2023-02-22 | N/A | 6.1 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject arbitrary script to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer. | |||||
| CVE-2023-0827 | 1 Pimcore | 1 Pimcore | 2023-02-22 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17. | |||||
| CVE-2023-23856 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2023-02-22 | N/A | 5.4 MEDIUM |
| In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause a low impact on integrity of the application. | |||||
| CVE-2022-24919 | 3 Debian, Fedoraproject, Zabbix | 3 Debian Linux, Fedora, Frontend | 2023-02-22 | 2.1 LOW | 4.4 MEDIUM |
| An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. | |||||
| CVE-2022-24918 | 2 Fedoraproject, Zabbix | 2 Fedora, Frontend | 2023-02-22 | 2.1 LOW | 4.4 MEDIUM |
| An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. | |||||
| CVE-2022-24349 | 3 Debian, Fedoraproject, Zabbix | 3 Debian Linux, Fedora, Frontend | 2023-02-22 | 2.1 LOW | 4.4 MEDIUM |
| An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim’s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel. | |||||
| CVE-2022-24917 | 3 Debian, Fedoraproject, Zabbix | 3 Debian Linux, Fedora, Frontend | 2023-02-22 | 2.1 LOW | 4.4 MEDIUM |
| An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. | |||||
| CVE-2023-21573 | 1 Microsoft | 1 Dynamics 365 | 2023-02-22 | N/A | 5.4 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2023-21571 | 1 Microsoft | 1 Dynamics 365 | 2023-02-22 | N/A | 5.4 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2023-21572 | 1 Microsoft | 1 Dynamics 365 | 2023-02-22 | N/A | 6.5 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2023-21570 | 1 Microsoft | 1 Dynamics 365 | 2023-02-22 | N/A | 5.4 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2023-21564 | 1 Microsoft | 1 Azure Devops Server | 2023-02-22 | N/A | 7.1 HIGH |
| Azure DevOps Server Cross-Site Scripting Vulnerability | |||||
| CVE-2022-4286 | 1 Br-automation | 1 Automation Runtime | 2023-02-22 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session. | |||||
| CVE-2015-10078 | 1 Resend Welcome Email Project | 1 Resend Welcome Email | 2023-02-22 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in atwellpub Resend Welcome Email Plugin 1.0.1. This issue affects the function send_welcome_email_url of the file resend-welcome-email.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is b14c1f66d307783f0ae74f88088a85999107695c. It is recommended to upgrade the affected component. The identifier VDB-220637 was assigned to this vulnerability. | |||||
| CVE-2023-24086 | 1 Slims Project | 1 Slims | 2023-02-21 | N/A | 6.1 MEDIUM |
| SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loan_by_class.php?reportView. | |||||
| CVE-2022-45091 | 1 Gruparge | 1 Smartpower Web | 2023-02-21 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).This issue affects Smartpower Web: before 23.01.01. | |||||
| CVE-2022-43980 | 1 Pandorafms | 1 Pandora Fms | 2023-02-21 | N/A | 5.4 MEDIUM |
| There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges clicks on the edited network maps, the XSS payload will be executed. The exploitation of this vulnerability could allow an atacker to steal the value of the admin user´s cookie. | |||||
| CVE-2023-0099 | 1 Getlasso | 1 Simple Urls | 2023-02-21 | N/A | 6.1 MEDIUM |
| The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2023-0151 | 1 Utubevideo Gallery Project | 1 Utubevideo Gallery | 2023-02-21 | N/A | 5.4 MEDIUM |
| The uTubeVideo Gallery WordPress plugin before 2.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-25614 | 1 Sap | 1 Netweaver Application Server Abap | 2023-02-21 | N/A | 6.1 MEDIUM |
| SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful exploitation it can gain access to the sensitive information which leads to a limited impact on the confidentiality and the integrity of the application. | |||||