Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-24891 | 1 Microsoft | 1 Dynamics 365 | 2023-03-16 | N/A | 5.4 MEDIUM |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
CVE-2021-4195 | 1 Firmanet | 1 Customer Relation Manager | 2023-03-16 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows XSS Targeting HTML Attributes. This issue affects Customer Relation Manager: before 2022.03.13. | |||||
CVE-2022-23790 | 1 Firmanet | 1 Technology Customer Relation Manager | 2023-03-16 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS). This issue affects Customer Relation Manager: before 2022.03.13. | |||||
CVE-2023-0021 | 1 Sap | 1 Netweaver | 2023-03-16 | N/A | 6.1 MEDIUM |
Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password, which could lead to reflected Cross-Site scripting. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application. | |||||
CVE-2021-46875 | 1 Ibexa | 1 Ez Platform Kernel | 2023-03-16 | N/A | 6.1 MEDIUM |
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file. | |||||
CVE-2022-47419 | 1 Mayan-edms | 1 Mayan Edms | 2023-03-16 | N/A | 5.4 MEDIUM |
An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system. | |||||
CVE-2022-47412 | 1 Onlyoffice | 1 Workspace | 2023-03-16 | N/A | 5.4 MEDIUM |
Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition. | |||||
CVE-2023-23326 | 1 Avantfax | 1 Avantfax | 2023-03-16 | N/A | 5.4 MEDIUM |
A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary JavaScript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session. | |||||
CVE-2023-0844 | 1 Kibokolabs | 1 Namaste! Lms | 2023-03-16 | N/A | 4.8 MEDIUM |
The Namaste! LMS WordPress plugin before 2.6 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2023-0538 | 1 Campaign Url Builder Project | 1 Campaign Url Builder | 2023-03-16 | N/A | 5.4 MEDIUM |
The Campaign URL Builder WordPress plugin before 1.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0219 | 1 Wpmanageninja | 1 Fluentsmtp | 2023-03-16 | N/A | 5.4 MEDIUM |
The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks (XSS) when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML. | |||||
CVE-2023-0073 | 1 Client Logo Carousel Project | 1 Client Logo Carousel | 2023-03-16 | N/A | 5.4 MEDIUM |
The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0172 | 1 Saas.group | 1 Juicer | 2023-03-16 | N/A | 5.4 MEDIUM |
The Juicer WordPress plugin before 1.11 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4661 | 1 Themelocation | 1 Widgets For Woocommerce Products On Elementor | 2023-03-16 | N/A | 5.4 MEDIUM |
The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0066 | 1 Codeermeneer | 1 Companion Sitemap Generator | 2023-03-16 | N/A | 5.4 MEDIUM |
The Companion Sitemap Generator WordPress plugin through 4.5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-27898 | 1 Jenkins | 1 Jenkins | 2023-03-16 | N/A | 5.4 MEDIUM |
Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances. | |||||
CVE-2023-1395 | 1 Yoga Class Registration System Project | 1 Yoga Class Registration System | 2023-03-16 | N/A | 6.1 MEDIUM |
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been declared as problematic. This vulnerability affects the function query of the file admin/user/list.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222982 is the identifier assigned to this vulnerability. | |||||
CVE-2023-1396 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2023-03-16 | N/A | 6.1 MEDIUM |
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/traveller_details.php. The manipulation of the argument address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222983. | |||||
CVE-2023-1397 | 1 Online Student Management System Project | 1 Online Student Management System | 2023-03-16 | N/A | 6.1 MEDIUM |
A vulnerability classified as problematic has been found in SourceCodester Online Student Management System 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument adminname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222984. | |||||
CVE-2022-4652 | 1 Pushlabs | 1 Video Background | 2023-03-16 | N/A | 5.4 MEDIUM |
The Video Background WordPress plugin before 2.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. |