Total: 34649 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26788 | 1 Veritas | 1 Netbackup Appliance Firmware | 2025-02-11 | N/A | 6.1 MEDIUM |
| Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address. | |||||
| CVE-2023-24182 | 1 Openwrt | 1 Openwrt | 2025-02-11 | N/A | 5.4 MEDIUM |
| LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js. | |||||
| CVE-2023-26773 | 1 Sales Tracker Management System Project | 1 Sales Tracker Management System | 2025-02-11 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability found in Sales Tracker Management System v.1.0 allows a remote attacker to gain privileges via the product list function in the Master.php file. | |||||
| CVE-2022-3513 | 1 Gitlab | 1 Gitlab | 2025-02-11 | N/A | 6.1 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims on self-hosted instances running without strict CSP. | |||||
| CVE-2024-3045 | 1 Wpovernight | 1 Woocommerce Pdf Invoices & Packing Slips | 2025-02-11 | N/A | 6.1 MEDIUM |
| The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-24721 | 1 Liveaction | 1 Livesp | 2025-02-11 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2023-26846 | 1 Opencats | 1 Opencats | 2025-02-11 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates. | |||||
| CVE-2023-24181 | 1 Openwrt | 1 Luci | 2025-02-11 | N/A | 5.4 MEDIUM |
| LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm. | |||||
| CVE-2023-29376 | 1 Progress | 1 Sitefinity | 2025-02-11 | N/A | 5.4 MEDIUM |
| An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries. | |||||
| CVE-2023-23572 | 1 Epson | 100 Esifnw1, Esifnw1 Firmware, Esnsb1 and 97 more | 2025-02-11 | N/A | 4.8 MEDIUM |
| Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor. | |||||
| CVE-2023-26847 | 1 Opencats | 1 Opencats | 2025-02-11 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates. | |||||
| CVE-2023-23277 | 1 Snippet Box Project | 1 Snippet Box | 2025-02-11 | N/A | 6.1 MEDIUM |
| Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field. | |||||
| CVE-2023-0363 | 1 Nlb-creations | 1 Scheduled Announcements Widget | 2025-02-11 | N/A | 5.4 MEDIUM |
| The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2024-53964 | 1 Adobe | 1 Experience Manager | 2025-02-11 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2024-53966 | 1 Adobe | 1 Experience Manager | 2025-02-11 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2024-53965 | 1 Adobe | 1 Experience Manager | 2025-02-11 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access a manipulated link or input data into a vulnerable page. | |||||
| CVE-2024-53963 | 1 Adobe | 1 Experience Manager | 2025-02-11 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access a manipulated link or input data into a vulnerable page. | |||||
| CVE-2024-53962 | 1 Adobe | 1 Experience Manager | 2025-02-11 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2023-4839 | 1 Codecabin | 1 Wp Go Maps | 2025-02-11 | N/A | 4.8 MEDIUM |
| The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
| CVE-2024-1582 | 1 Codecabin | 1 Wp Go Maps | 2025-02-11 | N/A | 5.4 MEDIUM |
| The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza' shortcode in all versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
