Total
38473 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0840 | 1 Phpcrazy Project | 1 Phpcrazy | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability classified as problematic was found in PHPCrazy 1.1.1. This vulnerability affects unknown code of the file admin/admin.php?action=users&mode=info&user=2. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221086 is the identifier assigned to this vulnerability. | |||||
CVE-2023-0829 | 1 Plesk | 1 Plesk | 2024-11-21 | N/A | 8.8 HIGH |
Plesk versions 17.0 through 18.0.31 are vulnerable to Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user) can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription. | |||||
CVE-2023-0828 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 6.7 MEDIUM |
Cross-site Scripting (XSS) vulnerability in the Syslog Section of Pandora FMS allows an attacker to cause a user's cookie value to be transferred to the attacker's server. This issue affects Pandora FMS v767 and prior versions on all platforms. | |||||
CVE-2023-0827 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17. | |||||
CVE-2023-0810 | 1 Btcpayserver | 1 Btcpayserver | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11. | |||||
CVE-2023-0787 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 8.1 HIGH |
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | |||||
CVE-2023-0786 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 8.4 HIGH |
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | |||||
CVE-2023-0776 | 1 Baicells | 8 Neutrino 430, Neutrino 430 Firmware, Nova430e and 5 more | 2024-11-21 | N/A | 8.1 HIGH |
Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed pre-login and with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable. Special thanks to Rustam Amin for providing the steps to reproduce. | |||||
CVE-2023-0747 | 1 Btcpayserver | 1 Btcpayserver | 2024-11-21 | N/A | 5.5 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | |||||
CVE-2023-0746 | 1 Gigamon | 1 Gigavue-os | 2024-11-21 | N/A | 6.3 MEDIUM |
The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could force a user to insert malicious JavaScript code into the URI, which could lead to reflected cross-site scripting. | |||||
CVE-2023-0743 | 1 Answer | 1 Answer | 2024-11-21 | N/A | 9.0 CRITICAL |
Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/answer prior to 1.0.4. | |||||
CVE-2023-0742 | 1 Answer | 1 Answer | 2024-11-21 | N/A | 9.0 CRITICAL |
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4. | |||||
CVE-2023-0741 | 1 Answer | 1 Answer | 2024-11-21 | N/A | 9.0 CRITICAL |
Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer prior to 1.0.4. | |||||
CVE-2023-0740 | 1 Answer | 1 Answer | 2024-11-21 | N/A | 9.0 CRITICAL |
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4. | |||||
CVE-2023-0736 | 1 Wallabag | 1 Wallabag | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4. | |||||
CVE-2023-0732 | 1 Oretnom23 | 1 Online Eyewear Shop | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is the function registration of the file oews/classes/Users.php of the component POST Request Handler. The manipulation of the argument firstname/middlename/lastname/email/contact leads to cross site scripting. The attack can be launched remotely. The identifier VDB-220369 was assigned to this vulnerability. | |||||
CVE-2023-0695 | 1 Wpmet | 1 Metform Elementor Contact Form Builder | 2024-11-21 | N/A | 5.4 MEDIUM |
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a specific link. Note that getting the JavaScript to execute still requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database. | |||||
CVE-2023-0677 | 1 Phpipam | 1 Phpipam | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1. | |||||
CVE-2023-0676 | 1 Phpipam | 1 Phpipam | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. | |||||
CVE-2023-0650 | 1 Yetanotherforum | 1 Yaf.net | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.12 is able to address this issue. The identifier of the patch is a1442a2bacc3335461b44c250e81f8d99c60735f. It is recommended to upgrade the affected component. The identifier VDB-220037 was assigned to this vulnerability. |