Total: 38490 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-22933 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 8.0 HIGH |
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag. | |||||
CVE-2023-22932 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 8.7 HIGH |
In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0. | |||||
CVE-2023-22921 | 1 Zyxel | 2 Nbg-418n, Nbg-418n Firmware | 2024-11-21 | N/A | 7.5 HIGH |
A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) conditions on an affected device. | |||||
CVE-2023-22902 | 1 Openfind | 1 Mail2000 | 2024-11-21 | N/A | 5.4 MEDIUM |
Openfind Mail2000 file uploading function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject JavaScript, conducting an XSS attack. | |||||
CVE-2023-22868 | 3 Ibm, Linux, Microsoft | 3 Aspera Faspex, Linux Kernel, Windows | 2024-11-21 | N/A | 5.4 MEDIUM |
IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117. | |||||
CVE-2023-22860 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-11-21 | N/A | 5.4 MEDIUM |
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100. | |||||
CVE-2023-22857 | 1 Blogengine | 1 Blogengine.net | 2024-11-21 | N/A | 8.5 HIGH |
A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0 allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post. | |||||
CVE-2023-22856 | 1 Blogengine | 1 Blogengine.net | 2024-11-21 | N/A | 8.5 HIGH |
A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0 allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file. | |||||
CVE-2023-22843 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-11-21 | N/A | 6.4 MEDIUM |
An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will be stored and can later be executed by another legitimate user viewing the details of such a rule. Via stored Cross-Site Scripting (XSS), an attacker may be able to perform unauthorized actions on behalf of legitimate users and/or gather sensitive information. JavaScript injection was possible in the contents for Yara rules, while limited HTML injection has been proven for packet and STYX rules. | |||||
CVE-2023-22838 | 1 Ec-cube | 1 Ec-cube | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script. | |||||
CVE-2023-22725 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 6.2 MEDIUM |
GLPI is a Free Asset and IT Management Software package. Versions 0.6.0 and above, prior to 10.0.6, are vulnerable to Cross-site Scripting. This vulnerability allows an administrator to create a malicious external link. This issue is patched in 10.0.6. | |||||
CVE-2023-22724 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 6.2 MEDIUM |
GLPI is a Free Asset and IT Management Software package. Versions prior to 10.0.6 are subject to Cross-site Scripting via malicious RSS feeds. An Administrator can import a malicious RSS feed that contains Cross-Site Scripting (XSS) payloads inside RSS links. Victims who open the RSS content and click on the link will execute the JavaScript. This issue is patched in 10.0.6. | |||||
CVE-2023-22722 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 6.8 MEDIUM |
GLPI is a Free Asset and IT Management Software package. Versions 9.4.0 and above, prior to 10.0.6, are subject to Cross-site Scripting. An attacker can persuade a victim to open a URL containing a payload exploiting this vulnerability. Once it is exploited, the attacker can perform actions as the victim or exfiltrate session cookies. This issue is patched in version 10.0.6. | |||||
CVE-2023-22721 | 1 Oi Yandex.maps Project | 1 Oi Yandex.maps | 2024-11-21 | N/A | 6.5 MEDIUM |
Auth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for WordPress <= 3.2.7 versions. | |||||
CVE-2023-22720 | 1 Wp Links Page Project | 1 Wp Links Page | 2024-11-21 | N/A | 6.5 MEDIUM |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robert Macchi WP Links Page plugin <= 4.9.3 versions. | |||||
CVE-2023-22718 | 1 User Meta Manager Project | 1 User Meta Manager | 2024-11-21 | N/A | 7.1 HIGH |
Reflected Cross-Site Scripting (XSS) vulnerability in Jason Lau User Meta Manager plugin <= 3.4.9 versions. | |||||
CVE-2023-22717 | 1 Ncrafts | 1 Formcraft | 2024-11-21 | N/A | 6.5 MEDIUM |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in nCrafts FormCraft plugin <= 1.2.6 versions. | |||||
CVE-2023-22716 | 1 Oopspam | 1 Oopspam Anti-spam | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.35 versions. | |||||
CVE-2023-22715 | 1 Wp-commentnavi Project | 1 Wp-commentnavi | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Lester 'GaMerZ' Chan WP-CommentNavi plugin <= 1.12.1 versions. | |||||
CVE-2023-22713 | 1 Wpdownloadmanager | 1 Gutenberg Blocks For Wordpress Download Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress Download Manager Gutenberg Blocks by WordPress Download Manager plugin <= 2.1.8 versions. |