Search Results (46020 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46099 | 1 Siemens | 1 Simatic Pcs Neo | 2025-01-08 | 5.4 Medium |
| A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the application that is later executed by another legitimate user. | ||||
| CVE-2023-6128 | 1 Salesagility | 1 Suitecrm | 2025-01-08 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | ||||
| CVE-2023-47660 | 1 Wpwham | 1 Product Visibility By Country For Woocommerce | 2025-01-08 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Wham Product Visibility by Country for WooCommerce plugin <= 1.4.9 versions. | ||||
| CVE-2023-47659 | 1 Lava-code | 1 Lava Directory Manager | 2025-01-08 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions. | ||||
| CVE-2023-33969 | 1 Kanboard | 1 Kanboard | 2025-01-08 | 6.4 Medium |
| Kanboard is open source project management software that focuses on the Kanban methodology. A stored Cross site scripting (XSS) allows an attacker to execute arbitrary Javascript and any user who views the task containing the malicious code will be exposed to the XSS attack. Note: The default CSP header configuration blocks this javascript attack. This issue has been addressed in version 1.2.30. Users are advised to upgrade. Users unable to upgrade should ensure that they have a restrictive CSP header config. | ||||
| CVE-2023-34103 | 1 Avohq | 1 Avo | 2025-01-08 | 7.3 High |
| Avo is an open source ruby on rails admin panel creation framework. In affected versions some avo fields are vulnerable to Cross Site Scripting (XSS) when rendering html based content. Attackers do need form edit privilege in order to successfully exploit this vulnerability, but the results are stored and no specific timing is required. This issue has been addressed in commit `7891c01e` which is expected to be included in the next release of avo. Users are advised to configure CSP headers for their application and to limit untrusted user access as a mitigation. | ||||
| CVE-2023-47658 | 1 Actpro | 1 Extra Product Options For Woocommerce | 2025-01-07 | 5.9 Medium |
| Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability in actpro Extra Product Options for WooCommerce plugin <= 3.0.3 versions. | ||||
| CVE-2023-47656 | 1 Marcomilesi | 1 Anac Xml Bandi Di Gara | 2025-01-07 | 5.9 Medium |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi ANAC XML Bandi di Gara plugin <= 7.5 versions. | ||||
| CVE-2023-47654 | 1 Livescore | 1 Bzscore | 2025-01-07 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in livescore.Bz BZScore – Live Score plugin <= 1.03 versions. | ||||
| CVE-2023-47653 | 1 Theweb-designs | 1 Twb Woocommerce | 2025-01-07 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abu Bakar TWB Woocommerce Reviews plugin <= 1.7.5 versions. | ||||
| CVE-2023-38360 | 1 Ibm | 1 Cics Tx | 2025-01-07 | 6.1 Medium |
| IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260769. | ||||
| CVE-2023-47646 | 1 Cedcommerce | 1 Recently Viewed And Most Viewed Products | 2025-01-07 | 5.9 Medium |
| Auth. (Shop Manager+) Stored Cross-Site Scripting (XSS) vulnerability in CedCommerce Recently viewed and most viewed products plugin <= 1.1.1 versions. | ||||
| CVE-2023-47554 | 1 Denk | 1 Actueel Financieel Nieuws | 2025-01-07 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DenK BV Actueel Financieel Nieuws – Denk Internet Solutions plugin <= 5.1.0 versions. | ||||
| CVE-2023-47549 | 1 Spider-themes | 1 Eazydocs | 2025-01-07 | 6.8 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability on 302 response page in spider-themes EazyDocs plugin <= 2.3.3 versions. | ||||
| CVE-2023-47547 | 1 Wpfactory | 1 Products, Order & Customers Export For Woocommerce | 2025-01-07 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory Products, Order & Customers Export for WooCommerce plugin <= 2.0.7 versions. | ||||
| CVE-2023-47546 | 1 Walterpinem | 1 Oneclick Chat To Order | 2025-01-07 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Walter Pinem OneClick Chat to Order plugin <= 1.0.4.2 versions. | ||||
| CVE-2023-47545 | 1 Fatcatapps | 1 Forms For Mailchimp By Optin Cat | 2025-01-07 | 5.9 Medium |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin <= 2.5.4 versions. | ||||
| CVE-2023-47533 | 1 Wpdevart | 1 Countdown And Countup, Woocommerce Sales Timer | 2025-01-07 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Countdown and CountUp, WooCommerce Sales Timer plugin <= 1.8.2 versions. | ||||
| CVE-2023-47532 | 1 Themeum | 1 Wp Crowdfunding | 2025-01-07 | 5.8 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themeum WP Crowdfunding plugin <= 2.1.6 versions. | ||||
| CVE-2023-47528 | 1 Sajjad67 | 1 Wp Edit Username | 2025-01-07 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sajjad Hossain Sagor WP Edit Username plugin <= 1.0.5 versions. | ||||