Total: 38504 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-24001 | 1 Modal Dialog Project | 1 Modal Dialog | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <= 3.5.9 versions. | |||||
CVE-2023-23999 | 1 Monsterinsights | 1 Google Analytics Dashboard | 2024-11-21 | N/A | 6.5 MEDIUM |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MonsterInsights plugin <= 8.14.0 versions. | |||||
CVE-2023-23998 | 1 E4jconnect | 1 Vikrentcar | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikRentCar Car Rental Management System plugin <= 1.3.0 versions. | |||||
CVE-2023-23996 | 1 Properfraction | 1 Profilepress | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.3 versions. | |||||
CVE-2023-23995 | 1 Tinymce Custom Styles Project | 1 Tinymce Custom Styles | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin <= 1.1.2 versions. | |||||
CVE-2023-23994 | 1 Auto Hide Admin Bar Project | 1 Auto Hide Admin Bar | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcel Bootsman Auto Hide Admin Bar plugin <= 1.6.1 versions. | |||||
CVE-2023-23987 | 1 Wpeverest | 1 User Registration | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEverest User Registration plugin <= 2.3.0 versions. | |||||
CVE-2023-23982 | 1 Wpfrom Email Project | 1 Wpfrom Email | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGear.Pro WPFrom Email plugin <= 1.8.8 versions. | |||||
CVE-2023-23981 | 1 Quantumcloud | 1 Conversational Forms For Chatbot | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud Conversational Forms for ChatBot plugin <= 1.1.6 versions. | |||||
CVE-2023-23980 | 1 Mailoptin | 1 Mailoptin | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MailOptin Popup Builder Team MailOptin plugin <= 1.2.54.0 versions. | |||||
CVE-2023-23979 | 1 Fullworksplugins | 1 Quick Event Manager | 2024-11-21 | N/A | 7.1 HIGH |
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 versions. | |||||
CVE-2023-23977 | 1 Heateor | 1 Social Comments | 2024-11-21 | N/A | 6.5 MEDIUM |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments plugin <= 1.6.1 versions. | |||||
CVE-2023-23972 | 1 Wpdevart | 1 Social Like Box And Page | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin <= 0.8.39 versions. | |||||
CVE-2023-23971 | 1 Codepeople | 1 Wp Time Slots Booking Form | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodePeople WP Time Slots Booking Form plugin <= 1.1.81 versions. | |||||
CVE-2023-23942 | 1 Nextcloud | 1 Desktop | 2024-11-21 | N/A | 5.4 MEDIUM |
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as `strong`, `em` and `head` lines in the UI of the desktop client. The lack of sanitisation may allow for javascript injection. It is recommended that the Nextcloud Desktop Client is upgraded to 3.6.3. There are no known workarounds for this issue. | |||||
CVE-2023-23938 | 1 Enalean | 1 Tuleap | 2024-11-21 | N/A | 5.9 MEDIUM |
Tuleap is a Free & Source tool for end to end traceability of application and system developments. Affected versions are subject to a cross site scripting attack which can be injected in the name of a color of select box values of a tracker and then reflected in the tracker administration. Administrative privilege is required, but an attacker with tracker administration rights could use this vulnerability to force a victim to execute uncontrolled code in the context of their browser. This issue has been addressed in Tuleap Community Edition version 14.5.99.4. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
CVE-2023-23927 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | N/A | 6.1 MEDIUM |
Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, a cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7. | |||||
CVE-2023-23922 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 6.1 MEDIUM |
The vulnerability was found in Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks. | |||||
CVE-2023-23921 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 6.1 MEDIUM |
The vulnerability was found in Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks. | |||||
CVE-2023-23900 | 1 Yikesinc | 1 Easy Forms For Mailchimp | 2024-11-21 | N/A | 5.8 MEDIUM |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <= 6.8.8 versions. |