Total: 21765 CVEs

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-0553 | 1 Thingsforrestaurants | 1 Quick Restaurant Menu | 2023-02-07 | N/A | 4.8 MEDIUM | The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2016-15022 | 1 Cimage | 1 Cimage | 2023-02-07 | N/A | 6.1 MEDIUM | A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER['SERVER_SOFTWARE'] leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.7.19 is able to address this issue. The name of the patch is 401478c8393989836beeddfeac5ce44570af162b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-219715.
CVE-2022-45598 | 1 Joplin Project | 1 Joplin | 2023-02-07 | N/A | 6.1 MEDIUM | Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows an attacker to execute arbitrary code via improper sanitization.
CVE-2009-10003 | 1 Wordcraft Project | 1 Wordcraft | 2023-02-07 | N/A | 6.1 MEDIUM | A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7 is able to address this issue. The name of the patch is be23028633e8105de92f387036871c03f34d3124. It is recommended to upgrade the affected component. VDB-219714 is the identifier assigned to this vulnerability.
CVE-2023-0571 | 1 Canteen Management System Project | 1 Canteen Management System | 2023-02-07 | N/A | 5.4 MEDIUM | A vulnerability has been found in SourceCodester Canteen Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file createcustomer.php of the component Add Customer. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219730 is the identifier assigned to this vulnerability.
CVE-2023-23950 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2023-02-07 | N/A | 6.1 MEDIUM | User-supplied input (usually a CRLF sequence) can be used to split a returning response into two responses.
CVE-2023-23951 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2023-02-07 | N/A | 6.1 MEDIUM | Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application.
CVE-2022-25979 | 1 Jsuites | 1 Jsuites | 2023-02-07 | N/A | 6.1 MEDIUM | Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor() function.
CVE-2023-24065 | 1 Nosh Chartingsystem Project | 1 Nosh Chartingsystem | 2023-02-07 | N/A | 5.4 MEDIUM | NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing user) can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for health charting.
CVE-2023-0488 | 2 Pyload, Pyload-ng Project | 2 Pyload, Pyload-ng | 2023-02-07 | N/A | 5.4 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42.
CVE-2023-22333 | 1 Mubag | 1 Easymail | 2023-02-07 | N/A | 6.1 MEDIUM | Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.
CVE-2022-44897 | 1 Apollotheme | 1 Ap Pagebuilder | 2023-02-07 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuilder component through 2.4.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the show_number parameter.
CVE-2023-0071 | 1 Shapedplugin | 1 Wp Tabs | 2023-02-06 | N/A | 5.4 MEDIUM | The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0033 | 1 Pdf Viewer Project | 1 Pdf Viewer | 2023-02-06 | N/A | 5.4 MEDIUM | The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
CVE-2023-0097 | 1 Shapedplugin | 1 Post Grid, Post Carousel, & List Category Posts | 2023-02-06 | N/A | 5.4 MEDIUM | The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0074 | 1 Catchsquare | 1 Wp Social Widget | 2023-02-06 | N/A | 5.4 MEDIUM | The WP Social Widget WordPress plugin before 2.2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2022-4837 | 1 Machothemes | 1 Cpo Companion | 2023-02-06 | N/A | 5.4 MEDIUM | The CPO Companion WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVE-2022-4552 | 1 Fl3r Feelbox Project | 1 Fl3r Feelbox | 2023-02-06 | N/A | 6.1 MEDIUM | The FL3R FeelBox WordPress plugin through 8.1 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
CVE-2022-4787 | 1 Themify | 1 Shortcodes | 2023-02-06 | N/A | 5.4 MEDIUM | The Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
CVE-2022-4781 | 1 Accordion Shortcodes Project | 1 Accordion Shortcodes | 2023-02-06 | N/A | 5.4 MEDIUM | The Accordion Shortcodes WordPress plugin through 2.4.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.