Total
38510 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-25464 | 1 Streamweasels | 1 Twitch Player | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StreamWeasels Twitch Player plugin <= 2.1.0 versions. | |||||
CVE-2023-25462 | 1 Antonioandrade | 1 Wp Htaccess Control | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP htaccess Control plugin <= 3.5.1 versions. | |||||
CVE-2023-25461 | 1 Smartlogix | 1 Wp-insert | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in namithjawahar Wp-Insert plugin <= 2.5.0 versions. | |||||
CVE-2023-25460 | 1 Codesolz | 1 Easy Ad Manager | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodeSolz Easy Ad Manager plugin <= 1.0.0 versions. | |||||
CVE-2023-25459 | 1 Postsnippets | 1 Post Snippets | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Postsnippets Post Snippets plugin <= 4.0.2 versions. | |||||
CVE-2023-25458 | 1 Gmo | 1 Typesquare Webfonts For Conoha | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO Internet Group, Inc. TypeSquare Webfonts for ConoHa plugin <= 2.0.3 versions. | |||||
CVE-2023-25456 | 1 Klaviyo | 1 Klaviyo | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Klaviyo, Inc. Klaviyo plugin <= 3.0.7 versions. | |||||
CVE-2023-25453 | 1 Iansadowsky | 1 Wordpress Tables | 2024-11-21 | N/A | 7.1 HIGH |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ian Sadovy WordPress Tables plugin <= 1.3.9 versions. | |||||
CVE-2023-25452 | 1 Cms Press Project | 1 Cms Press | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Pretty (prettyboymp) CMS Press plugin <= 0.2.3 versions. | |||||
CVE-2023-25451 | 1 Wpchill | 1 Cpo Content Types | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill CPO Content Types plugin <= 1.1.0 versions. | |||||
CVE-2023-25442 | 1 Zeno Font Resizer Project | 1 Zeno Font Resizer | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Marcel Pol Zeno Font Resizer plugin <= 1.7.9 versions. | |||||
CVE-2023-25364 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
Opswat Metadefender Core before 5.2.1 does not properly defend against potential HTML injection and XSS attacks. | |||||
CVE-2023-25200 | | | 2024-11-21 | N/A | 4.7 MEDIUM |
An HTML injection vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to render malicious HTML and obtain sensitive information in a victim's browser. | |||||
CVE-2023-25199 | | | 2024-11-21 | N/A | 5.4 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to execute JavaScript code and obtain sensitive information in a victim's browser. | |||||
CVE-2023-25172 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 4.4 MEDIUM |
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, a maliciously crafted URL can be included in a user's full name field to carry out cross-site scripting attacks on sites with a disabled or overly permissive CSP (Content Security Policy). Discourse's default CSP prevents this vulnerability. The vulnerability is patched in version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches. As a workaround, enable and/or restore your site's CSP to the default one provided with Discourse. | |||||
CVE-2023-25154 | 1 Misskey | 1 Misskey | 2024-11-21 | N/A | 7.1 HIGH |
Misskey is an open source, decentralized social media platform. In versions prior to 13.5.0 the link to the instance to the sender that appears when viewing a user or note received through ActivityPub is not properly validated, so by inserting a URL with a javascript scheme an attacker may execute JavaScript code in the context of the recipient. This issue has been fixed in version 13.5.0. Users are advised to upgrade. Users unable to upgrade should not "view on remote" for untrusted instances. | |||||
CVE-2023-25077 | 1 Ec-cube | 1 Ec-cube | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script. | |||||
CVE-2023-25064 | 1 Wp Htpasswd Project | 1 Wp Htpasswd | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matteo Candura WP htpasswd plugin <= 1.7 versions. | |||||
CVE-2023-25063 | 1 Anadnet | 1 Quick Page/post Redirect Plugin | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anadnet Quick Page/Post Redirect Plugin plugin <= 5.2.3 versions. | |||||
CVE-2023-25062 | 1 Pinpoint | 1 Pinpoint Booking System | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.2.8 versions. |