Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47591 | 2023-03-20 | N/A | N/A | ||
| Reflected Cross-Site Scripting (XSS) vulnerability in Mickael Austoni Map Multi Marker plugin <= 3.2.1 versions. | |||||
| CVE-2023-25795 | 2023-03-20 | N/A | N/A | ||
| Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-master.Ir Feed Changer & Remover plugin <= 0.2 versions. | |||||
| CVE-2023-25064 | 2023-03-20 | N/A | N/A | ||
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matteo Candura WP htpasswd plugin <= 1.7 versions. | |||||
| CVE-2023-24381 | 2023-03-20 | N/A | N/A | ||
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes Advanced Social Pixel plugin <= 2.1.1 versions. | |||||
| CVE-2023-25794 | 2023-03-20 | N/A | N/A | ||
| Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mighty Digital Nooz plugin <= 1.6.0 versions. | |||||
| CVE-2023-23718 | 2023-03-20 | N/A | N/A | ||
| Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Esstat17 Page Loading Effects plugin <= 2.0.0 versions. | |||||
| CVE-2023-22682 | 2023-03-20 | N/A | N/A | ||
| Reflected Cross-Site Scripting (XSS) vulnerability in Manuel Masia | Pixedelic.Com Camera slideshow plugin <= 1.4.0.1 versions. | |||||
| CVE-2023-27592 | 2023-03-19 | N/A | N/A | ||
| Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the `html.ServerError` is returned unescaped without the expected Content Security Policy header added to valid responses. By creating an RSS feed item with the inline description containing an `<img>` tag with a `srcset` attribute pointing to an invalid URL like `http:a<script>alert(1)</script>`, we can coerce the proxy handler into an error condition where the invalid URL is returned unescaped and in full. This results in JavaScript execution on the Miniflux instance as soon as the user is convinced (e.g. by a message in the alt text) to open the broken image. An attacker can execute arbitrary JavaScript in the context of a victim Miniflux user when they open a broken image in a crafted RSS feed. This can be used to perform actions on the Miniflux instance as that user and gain administrative access to the Miniflux instance if it is reachable and the victim is an administrator. A patch is available in version 2.0.43. As a workaround sisable image proxy; default value is `http-only`. | |||||
| CVE-2023-1481 | 2023-03-19 | N/A | N/A | ||
| A vulnerability, which was classified as problematic, has been found in SourceCodester Monitoring of Students Cyber Accounts System 1.0. Affected by this issue is some unknown functionality of the file modules/balance/index.php?view=balancelist of the component POST Parameter Handler. The manipulation of the argument id with the input "><script>alert(111)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223364. | |||||
| CVE-2023-25172 | 2023-03-19 | N/A | N/A | ||
| Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, a maliciously crafted URL can be included in a user's full name field to to carry out cross-site scripting attacks on sites with a disabled or overly permissive CSP (Content Security Policy). Discourse's default CSP prevents this vulnerability. The vulnerability is patched in version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches. As a workaround, enable and/or restore your site's CSP to the default one provided with Discourse. | |||||
| CVE-2023-1496 | 2023-03-19 | N/A | N/A | ||
| Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0. | |||||
| CVE-2023-1500 | 2023-03-19 | N/A | N/A | ||
| A vulnerability, which was classified as problematic, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file adminHome.php. The manipulation of the argument about_info leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223400. | |||||
| CVE-2023-1485 | 2023-03-19 | N/A | N/A | ||
| A vulnerability classified as problematic has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. This affects an unknown part of the file /bsenordering/index.php of the component GET Parameter Handler. The manipulation of the argument category with the input <script>alert(222)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223371. | |||||
| CVE-2023-26912 | 1 S-mall-ssm Project | 1 S-mall-ssm | 2023-03-17 | N/A | 4.8 MEDIUM |
| Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate button. | |||||
| CVE-2022-43874 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2023-03-17 | N/A | 6.1 MEDIUM |
| IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239963. | |||||
| CVE-2022-37402 | 1 Afsanalytics | 1 Afs Analytics | 2023-03-17 | N/A | 4.8 MEDIUM |
| Stored Cross-site Scripting (XSS) vulnerability in AFS Analytics plugin <= 4.18 versions. | |||||
| CVE-2023-0322 | 1 Talentyazilim | 1 Unis | 2023-03-17 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS.This issue affects UNIS: before 28376. | |||||
| CVE-2022-34148 | 1 Jetbackup | 1 Jetbackup | 2023-03-17 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JetBackup JetBackup – WP Backup, Migrate & Restore plugin <= 1.6.9.0 versions. | |||||
| CVE-2023-26457 | 1 Sap | 1 Content Server | 2023-03-17 | N/A | 6.1 MEDIUM |
| SAP Content Server - version 7.53, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can read and modify some sensitive information but cannot delete the data. | |||||
| CVE-2023-1172 | 2023-03-17 | N/A | N/A | ||
| The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||