Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-42908 | 1 Wepanow | 1 Print Away | 2023-02-10 | N/A | 5.4 MEDIUM |
WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious filename, which will be included in subsequent HTTP responses, allowing a stored XSS to occur. This attack is persistent across victim sessions. | |||||
CVE-2011-4329 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2023-02-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter in a setup action to admin/company.php, or the PATH_INFO to (2) admin/security_other.php, (3) admin/events.php, or (4) admin/user.php. | |||||
CVE-2022-31160 | 5 Debian, Drupal, Fedoraproject and 2 more | 15 Debian Linux, Jquery Ui Checkboxradio, Fedora and 12 more | 2023-02-10 | N/A | 6.1 MEDIUM |
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label causes the contents of that parent label to be treated as the input label. If the initial HTML contained encoded HTML entities, calling `.checkboxradio( "refresh" )` on such a widget erroneously decodes them. This can potentially lead to the execution of JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`. | |||||
CVE-2011-4814 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2023-02-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin/boxes.php, (3) comm/clients.php, (4) commande/index.php; and the optioncss parameter to (5) admin/ihm.php and (6) user/home.php. | |||||
CVE-2023-24197 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2023-02-09 | N/A | 6.1 MEDIUM |
Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php. | |||||
CVE-2023-24195 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2023-02-09 | N/A | 6.1 MEDIUM |
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php. | |||||
CVE-2023-24194 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2023-02-09 | N/A | 6.1 MEDIUM |
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php. | |||||
CVE-2023-24191 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2023-02-09 | N/A | 6.1 MEDIUM |
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php. | |||||
CVE-2023-24192 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2023-02-09 | N/A | 6.1 MEDIUM |
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php. | |||||
CVE-2023-0639 | 1 Trendnet | 2 Tew-652brp, Tew-652brp Firmware | 2023-02-09 | N/A | 6.1 MEDIUM |
A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019. | |||||
CVE-2023-0253 | 1 Devowl | 1 Wordpress Real Media Library | 2023-02-09 | N/A | 5.4 MEDIUM |
The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via folder names in versions up to, and including, 4.18.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2021-37502 | 1 Automad | 1 Automad | 2023-02-09 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user. | |||||
CVE-2023-22975 | 1 Jflyfox | 1 Jfinal Cms | 2023-02-09 | N/A | 6.1 MEDIUM |
jfinal_cms 5.1.0 is vulnerable to Cross Site Scripting (XSS). | |||||
CVE-2023-0650 | 1 Yetanotherforum | 1 Yaf.net | 2023-02-09 | N/A | 5.4 MEDIUM |
A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.12 addresses this issue. The name of the patch is a1442a2bacc3335461b44c250e81f8d99c60735f. It is recommended to upgrade the affected component. The identifier VDB-220037 was assigned to this vulnerability. | |||||
CVE-2021-36538 | 1 Gurock | 1 Testrail | 2023-02-09 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports. | |||||
CVE-2021-36545 | 1 Tpcms Project | 1 Tpcms | 2023-02-09 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in the Site Configuration page. | |||||
CVE-2021-36712 | 1 Yzmcms | 1 Yzmcms | 2023-02-09 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via the image clipping function. | |||||
CVE-2022-2546 | 1 Servmask | 1 All-in-one Wp Migration | 2023-02-09 | N/A | 4.7 MEDIUM |
The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type and does not properly escape the response from the ai1wm_export AJAX action, allowing an attacker to craft a request that, when submitted by any visitor, will inject arbitrary HTML or JavaScript into the response that will be executed in the victim's session. Note: This requires knowledge of a static secret key. | |||||
CVE-2023-23636 | 1 Jellyfin | 1 Jellyfin | 2023-02-09 | N/A | 5.4 MEDIUM |
In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. | |||||
CVE-2023-23635 | 1 Jellyfin | 1 Jellyfin | 2023-02-09 | N/A | 5.4 MEDIUM |
In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. |