Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0312 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-01-24 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | |||||
| CVE-2020-5497 | 1 Mitreid | 1 Connect | 2023-01-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript. | |||||
| CVE-2021-46872 | 1 Nim-lang | 2 Nim, Nimforum | 2023-01-23 | N/A | 6.1 MEDIUM |
| An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used in NimForum and other products, permits the javascript: URI scheme and thus can lead to XSS in some applications. (Nim versions 1.6.2 and later are fixed; there may be backports of the fix to some earlier versions. NimForum 2.2.0 is fixed.) | |||||
| CVE-2023-0338 | 1 Daloradius | 1 Daloradius | 2023-01-23 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch. | |||||
| CVE-2023-0337 | 1 Daloradius | 1 Daloradius | 2023-01-23 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch. | |||||
| CVE-2021-39427 | 1 Vtimecn | 1 188jianzhan | 2023-01-23 | N/A | 5.4 MEDIUM |
| Cross site scripting vulnerability in 188Jianzhan 2.10 allows attackers to execute arbitrary code via the username parameter to /admin/reg.php. | |||||
| CVE-2022-38723 | 1 Gravitee | 1 Api Management | 2023-01-23 | N/A | 8.6 HIGH |
| Gravitee API Management before 3.15.13 allows path traversal through HTML injection. | |||||
| CVE-2009-10002 | 1 Fittr Flickr Project | 1 Fittr Flickr | 2023-01-23 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in dpup fittr-flickr. This issue affects some unknown processing of the file fittr-flickr/features/easy-exif.js of the component EXIF Preview Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 08875dd8a2e5d0d16568bb0d67cb4328062fccde. It is recommended to apply a patch to fix this issue. The identifier VDB-218297 was assigned to this vulnerability. | |||||
| CVE-2009-10001 | 1 Cool-php-captcha Project | 1 Cool-php-captcha | 2023-01-23 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in jianlinwei cool-php-captcha up to 0.2. This vulnerability affects unknown code of the file example-form.php. The manipulation of the argument captcha with the input %3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.3 is able to address this issue. The name of the patch is c84fb6b153bebaf228feee0cbf50728d27ae3f80. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218296. | |||||
| CVE-2023-0295 | 1 Obox | 1 Launchpad - Coming Soon \& Maintenance Mode Plugin | 2023-01-23 | N/A | 4.8 MEDIUM |
| The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its settings parameters in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
| CVE-2022-42704 | 1 Servicenow | 1 Servicenow | 2023-01-23 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget. | |||||
| CVE-2023-0287 | 1 Favorites-web Project | 1 Favorites-web | 2023-01-23 | N/A | 5.4 MEDIUM |
| A vulnerability was found in ityouknow favorites-web. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-218294 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-22491 | 1 Gatsbyjs | 1 Gatsby | 2023-01-23 | N/A | 5.4 MEDIUM |
| Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the `gray-matter` npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present in gatsby-transformer-remark when passing input in data mode (querying MarkdownRemark nodes via GraphQL). Injected JavaScript executes in the context of the build server. To exploit this vulnerability untrusted/unsanitized input would need to be sourced by or added into a file processed by gatsby-transformer-remark. A patch has been introduced in `gatsby-transformer-remark@5.25.1` and `gatsby-transformer-remark@6.3.2` which mitigates the issue by disabling the `gray-matter` JavaScript Frontmatter engine. As a workaround, if an older version of `gatsby-transformer-remark` must be used, input passed into the plugin should be sanitized ahead of processing. It is encouraged for projects to upgrade to the latest major release branch for all Gatsby plugins to ensure the latest security updates and bug fixes are received in a timely manner. | |||||
| CVE-2021-4312 | 1 Rapidleech | 1 Rapidleech | 2023-01-23 | N/A | 6.1 MEDIUM |
| ** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in Th3-822 Rapidleech. This affects the function zip_go of the file classes/options/zip.php. The manipulation of the argument archive leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 885a87ea4ee5e14fa95801eca255604fb2e138c6. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218295. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-46438 | 1 Douco | 1 Douphp | 2023-01-23 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter. | |||||
| CVE-2022-4449 | 1 Page Scroll To Id Project | 1 Page Scroll To Id | 2023-01-23 | N/A | 5.4 MEDIUM |
| The Page scroll to id WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2023-0310 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-01-23 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | |||||
| CVE-2023-0309 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-01-23 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | |||||
| CVE-2023-0308 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-01-23 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | |||||
| CVE-2023-0306 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-01-23 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | |||||