Total
44891 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27443 | 1 Simple Vimeo Shortcode Project | 1 Simple Vimeo Shortcode | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Grant Kimball Simple Vimeo Shortcode plugin <= 2.9.1 versions. | ||||
| CVE-2023-27439 | 1 New Adman Project | 1 New Adman | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions. | ||||
| CVE-2023-27432 | 1 Manage Upload Limit Project | 1 Manage Upload Limit | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WpSimpleTools Manage Upload Limit plugin <= 1.0.4 versions. | ||||
| CVE-2023-27429 | 1 Automattic | 1 Jetpack Crm | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin <= 5.4.4 versions. | ||||
| CVE-2023-27427 | 1 Ntzapps | 1 Crm Memberships | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZApps CRM Memberships plugin <= 1.6 versions. | ||||
| CVE-2023-27426 | 1 Notifyvisitors | 1 Notifyvisitors | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Notifyvisitors NotifyVisitors plugin <= 1.0 versions. | ||||
| CVE-2023-27422 | 1 Nsthemes | 1 Ns Coupon To Become Customer | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes NS Coupon To Become Customer plugin <= 1.2.2 versions. | ||||
| CVE-2023-27421 | 1 Everestthemes | 1 Everest News | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Everest News theme <= 1.1.0 versions. | ||||
| CVE-2023-27420 | 1 Everestthemes | 1 Arya Multipurpose | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Arya Multipurpose theme <= 1.0.5 versions. | ||||
| CVE-2023-27415 | 1 Themeqx | 1 Letterpress | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themeqx LetterPress plugin <= 1.1.2 versions. | ||||
| CVE-2023-27414 | 1 Ays-pro | 1 Popup Box | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions. | ||||
| CVE-2023-27413 | 1 W4 Post List Project | 1 W4 Post List | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin <= 2.4.4 versions. | ||||
| CVE-2023-27412 | 1 Everestthemes | 1 Mocho Blog | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Mocho Blog theme <= 1.0.4 versions. | ||||
| CVE-2023-27225 | 1 User Registration \& Login And User Management System With Admin Panel Project | 1 User Registration \& Login And User Management System With Admin Panel | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the first and last name field. | ||||
| CVE-2023-27150 | 1 Opencrx | 1 Opencrx | 2024-11-21 | 5.4 Medium |
| openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity. | ||||
| CVE-2023-27149 | 1 Enhancesoft | 1 Osticket | 2024-11-21 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list. | ||||
| CVE-2023-27148 | 1 Enhancesoft | 1 Osticket | 2024-11-21 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter. | ||||
| CVE-2023-27121 | 1 Pleasantsolutions | 1 Pleasant Password Server | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the component /framework/cron/action/humanize of Pleasant Solutions Pleasant Password Server v7.11.41.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cronString parameter. | ||||
| CVE-2023-26961 | 1 Alteryx | 1 Alteryx Server | 2024-11-21 | 4.8 Medium |
| Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files (e.g., JavaScript content for stored XSS) via the type field in a JSON document within a PUT /gallery/api/media request. | ||||
| CVE-2023-26958 | 1 Phpgurukul | 1 Park Ticketing Management System | 2024-11-21 | 4.8 Medium |
| Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Admin Name parameter. | ||||