Export limit exceeded: 350468 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45914 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45914 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40617 | 1 Openknowledgemaps | 1 Head Start | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start 7 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'file' parameter in 'displayPDF.php'. | ||||
| CVE-2023-40605 | 1 93digital | 1 Typing Effect | 2024-11-21 | 6.5 Medium |
| Auth. (contributor) Cross-Site Scripting (XSS) vulnerability in 93digital Typing Effect plugin <= 1.3.6 versions. | ||||
| CVE-2023-40604 | 1 Jesmadsen | 1 Cookies By Jm | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jes Madsen Cookies by JM plugin <= 1.0 versions. | ||||
| CVE-2023-40601 | 1 Estatik | 1 Estatik Mortgage Calculator | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik Estatik Mortgage Calculator plugin <= 2.0.7 versions. | ||||
| CVE-2023-40560 | 1 Toolstack | 1 Schedule Posts Calendar | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions. | ||||
| CVE-2023-40554 | 1 Adenion | 1 Blog2social | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blog2Social, Adenion Blog2Social: Social Media Auto Post & Scheduler plugin <= 7.2.0 versions. | ||||
| CVE-2023-40553 | 1 Plausible | 1 Plausible Analytics | 2024-11-21 | 5.8 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Plausible.Io Plausible Analytics plugin <= 1.3.3 versions. | ||||
| CVE-2023-40552 | 1 Codeinitiator | 1 Fitness Calculators Plugin | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gurcharan Singh Fitness calculators plugin plugin <= 2.0.7 versions. | ||||
| CVE-2023-40535 | 1 I-pro | 1 Video Insight | 2024-11-21 | 5.4 Medium |
| Stored cross-site scripting vulnerability in View setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script. | ||||
| CVE-2023-40519 | 1 Broadpeak | 1 Centralized Accounts Management Auth Agent | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575_ee9195b0, 01.01.01.30097902_fd999e76, and 00.12.01.9565588_1254b459 allows remote attackers to inject arbitrary web script or HTML via the disconnectMessage parameter. | ||||
| CVE-2023-40367 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 5.4 Medium |
| IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 263376. | ||||
| CVE-2023-40350 | 1 Jenkins | 1 Docker Swarm | 2024-11-21 | 5.4 Medium |
| Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker. | ||||
| CVE-2023-40346 | 1 Jenkins | 1 Shortcut Job | 2024-11-21 | 5.4 Medium |
| Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs. | ||||
| CVE-2023-40342 | 1 Jenkins | 1 Flaky Test Handler | 2024-11-21 | 5.4 Medium |
| Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents. | ||||
| CVE-2023-40333 | 1 Qodeinteractive | 1 Bridge Core | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Qode Interactive Bridge Core plugin <= 3.0.9 versions. | ||||
| CVE-2023-40330 | 1 Dev4press | 1 Gd Security Headers | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Milan Petrovic GD Security Headers plugin <= 1.6.1 versions. | ||||
| CVE-2023-40329 | 1 Wpzest | 1 Custom Admin Login Page \| Wpzest Plugin | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPZest Custom Admin Login Page | WPZest plugin <= 1.2.0 versions. | ||||
| CVE-2023-40328 | 1 Carrrot | 1 Carrrot | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Carrrot plugin <= 1.1.0 versions. | ||||
| CVE-2023-40314 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | 5.8 Medium |
| Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Moshe Apelbaum for reporting this issue. | ||||
| CVE-2023-40312 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | 6.7 Medium |
| Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that an attacker can modify to craft a malicious XSS payload. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Jordi Miralles Comins for reporting this issue. | ||||