Total
45043 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4110 | 1 Phpjabbers | 1 Availability Booking Calendar | 2024-11-21 | 3.5 Low |
| A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235957 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-4100 | 1 Qsige | 1 Qsige | 2024-11-21 | 6.5 Medium |
| Allows an attacker to perform XSS attacks stored on certain resources. Exploiting this vulnerability can lead to a DoS condition, among other actions. | ||||
| CVE-2023-4093 | 1 Fujitsu | 1 Arconte Aurea | 2024-11-21 | 5.5 Medium |
| Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user. | ||||
| CVE-2023-4090 | 1 Acilia | 1 Widestand | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker to inject HTML/Javascript code into the response. | ||||
| CVE-2023-4007 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16. | ||||
| CVE-2023-49926 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget. | ||||
| CVE-2023-49807 | 1 Weseek | 1 Growi | 2024-11-21 | 5.4 Medium |
| Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | ||||
| CVE-2023-49802 | 1 Mantisbt | 1 Linked Custom Fields | 2024-11-21 | 6.7 Medium |
| The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. Prior to version 2.0.1, cross-site scripting in the MantisBT LinkedCustomFields plugin allows Javascript execution, when a crafted Custom Field is linked via the plugin and displayed when reporting a new Issue or editing an existing one. This issue is fixed in version 2.0.1. As a workaround, one may utilize MantisBT's default Content Security Policy, which blocks script execution. | ||||
| CVE-2023-49782 | 1 Collaboraoffice | 1 Richdocumentscode | 2024-11-21 | 7.1 High |
| Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with `Collabora Online - Built-in CODE Server` app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.601. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-49779 | 1 Weseek | 1 Growi | 2024-11-21 | 5.4 Medium |
| Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | ||||
| CVE-2023-49598 | 1 Weseek | 1 Growi | 2024-11-21 | 5.4 Medium |
| Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | ||||
| CVE-2023-49577 | 1 Sap | 1 Human Capital Management | 2024-11-21 | 6.1 Medium |
| The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application. | ||||
| CVE-2023-49563 | 1 Voltronicpower | 1 Snmp Web Pro | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver. | ||||
| CVE-2023-49494 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.1 Medium |
| DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component select_media_post_wangEditor.php. | ||||
| CVE-2023-49492 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.1 Medium |
| DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php. | ||||
| CVE-2023-49488 | 1 Openfiler | 1 Openfiler | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Openfiler ESA v2.99.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the nic parameter. | ||||
| CVE-2023-49487 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-11-21 | 5.4 Medium |
| JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department. | ||||
| CVE-2023-49486 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-11-21 | 5.4 Medium |
| JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department. | ||||
| CVE-2023-49484 | 1 Iteachyou | 1 Dreamer Cms | 2024-11-21 | 5.4 Medium |
| Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department. | ||||
| CVE-2023-49469 | 1 Shaarli Project | 1 Shaarli | 2024-11-21 | 6.1 Medium |
| Reflected Cross Site Scripting (XSS) vulnerability in Shaarli v0.12.2, allows remote attackers to execute arbitrary code via search tag function. | ||||