Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-10075 | 1 Custom-content-width Project | 1 Custom-content-width | 2023-02-14 | N/A | 6.1 MEDIUM |
A vulnerability was found in Custom-Content-Width 1.0. It has been declared as problematic. Affected by this vulnerability is the function override_content_width/register_settings of the file custom-content-width.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is e05e0104fc42ad13b57e2b2cb2d1857432624d39. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220219. NOTE: This attack is not very likely. | |||||
CVE-2022-21948 | 1 Opensuse | 1 Paste | 2023-02-14 | N/A | 6.1 MEDIUM |
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paste allows remote attackers to place JavaScript into SVG files. This issue affects: openSUSE paste paste version b57b9f87e303a3db9465776e657378e96845493b and prior versions. | |||||
CVE-2015-10074 | 1 Openseamap | 1 Online Chart | 2023-02-14 | N/A | 6.1 MEDIUM |
A vulnerability was found in OpenSeaMap online_chart 1.2. It has been classified as problematic. Affected is the function init of the file index.php. The manipulation of the argument mtext leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version staging is able to address this issue. The name of the patch is 8649157158f921590d650e2d2f4bdf0df1017e9d. It is recommended to upgrade the affected component. VDB-220218 is the identifier assigned to this vulnerability. | |||||
CVE-2023-23074 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2023-02-14 | N/A | 6.1 MEDIUM |
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. | |||||
CVE-2023-23073 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2023-02-14 | N/A | 6.1 MEDIUM |
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. | |||||
CVE-2022-48311 | 1 Hp | 2 Deskjet 2540 A9u23b, Deskjet 2540 A9u23b Firmware | 2023-02-14 | N/A | 9.0 CRITICAL |
**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows an authenticated attacker to inject their own script into the page via the HTTP configuration page. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2013-4842 | 1 Hp | 2 Integrated Lights-out 4, Integrated Lights-out Firmware | 2023-02-14 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2022-4664 | 1 Logichunt | 1 Logo Slider | 2023-02-14 | N/A | 5.4 MEDIUM |
The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4902 | 1 Exoplatform | 1 Chat Application | 2023-02-14 | N/A | 6.1 MEDIUM |
A vulnerability classified as problematic has been found in eXo Chat Application. Affected is an unknown function of the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue of the component Mention Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.3.0-20220417 is able to address this issue. The name of the patch is 26bf307d3658d1403cfd5c3ad423ce4c4d1cb2dc. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-220212. | |||||
CVE-2023-0144 | 1 Mage-people | 1 Event Manager And Tickets Selling For Woocommerce | 2023-02-14 | N/A | 5.4 MEDIUM |
The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0146 | 1 Naver Map Project | 1 Naver Map | 2023-02-14 | N/A | 5.4 MEDIUM |
The Naver Map WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0143 | 1 Send Pdf For Contact Form 7 Project | 1 Send Pdf For Contact Form 7 | 2023-02-14 | N/A | 5.4 MEDIUM |
The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4747 | 1 Essentialplugin | 1 Download Post Category Image With Grid And Slider | 2023-02-14 | N/A | 5.4 MEDIUM |
The Post Category Image With Grid and Slider WordPress plugin before 1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4717 | 1 Machothemes | 1 Strong Testimonials | 2023-02-14 | N/A | 5.4 MEDIUM |
The Strong Testimonials WordPress plugin before 3.0.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2017-20175 | 1 Mediawiki | 1 Matomo | 2023-02-14 | N/A | 6.1 MEDIUM |
A vulnerability classified as problematic has been found in DaSchTour matomo-mediawiki-extension up to 2.4.2. This affects an unknown part of the file Piwik.hooks.php of the component Username Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.4.3 is able to address this issue. The name of the patch is 681324e4f518a8af4bd1f93867074c728eb9923d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220203. | |||||
CVE-2022-4674 | 1 Vowelweb | 1 Ibtana | 2023-02-14 | N/A | 5.4 MEDIUM |
The Ibtana WordPress plugin before 1.1.8.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2021-29841 | 2 Ibm, Linux | 5 Aix, Financial Transaction Manager, Linux On Ibm Z and 2 more | 2023-02-14 | 3.5 LOW | 5.4 MEDIUM |
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045. | |||||
CVE-2023-0282 | 1 Plugin | 1 Yourchannel | 2023-02-14 | N/A | 5.4 MEDIUM |
The YourChannel WordPress plugin before 1.2.2 does not sanitize and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks. | |||||
CVE-2023-0252 | 1 Webberzone | 1 Contextual Related Posts | 2023-02-14 | N/A | 5.4 MEDIUM |
The Contextual Related Posts WordPress plugin before 3.3.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0176 | 1 Rafflepress | 1 Giveaways And Contests By Rafflepress | 2023-02-14 | N/A | 5.4 MEDIUM |
The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. |