Total
28595 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52188 | 2024-02-03 | N/A | 5.4 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Footer Putter allows Stored XSS.This issue affects Footer Putter: from n/a through 1.17. | |||||
| CVE-2023-52189 | 2024-02-03 | N/A | 5.4 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jhayghost Ideal Interactive Map allows Stored XSS.This issue affects Ideal Interactive Map: from n/a through 1.2.4. | |||||
| CVE-2024-22148 | 2024-02-03 | N/A | 6.1 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Editor JoomUnited allows Reflected XSS.This issue affects JoomUnited: from n/a through 1.3.3. | |||||
| CVE-2023-27990 | 1 Zyxel | 38 Atp100, Atp100 Firmware, Atp100w and 35 more | 2024-02-02 | N/A | 4.8 MEDIUM |
| The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device. | |||||
| CVE-2023-6524 | 1 Mappresspro | 1 Mappress | 2024-02-02 | N/A | 5.4 MEDIUM |
| The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2007-6388 | 1 Apache | 1 Http Server | 2024-02-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2024-23034 | 1 Eyoucms | 1 Eyoucms | 2024-02-02 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||||
| CVE-2024-23033 | 1 Eyoucms | 1 Eyoucms | 2024-02-02 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||||
| CVE-2024-20270 | 1 Cisco | 2 Broadworks Application Delivery Platform, Broadworks Xtended Services Platform | 2024-02-02 | N/A | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2024-20251 | 1 Cisco | 1 Identity Services Engine | 2024-02-02 | N/A | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2024-23032 | 1 Eyoucms | 1 Eyoucms | 2024-02-02 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||||
| CVE-2023-20257 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-02-02 | N/A | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by submitting malicious input containing script or HTML content within requests that would stored within the application interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks against other users of the affected application. | |||||
| CVE-2024-23031 | 1 Eyoucms | 1 Eyoucms | 2024-02-02 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||||
| CVE-2024-22927 | 1 Eyoucms | 1 Eyoucms | 2024-02-02 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||||
| CVE-2023-50933 | 1 Ibm | 1 Powersc | 2024-02-02 | N/A | 6.1 MEDIUM |
| IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 275113. | |||||
| CVE-2023-33786 | 1 Netbox Project | 1 Netbox | 2024-02-02 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Create Circuit Types (/circuits/circuit-types/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||||
| CVE-2023-33790 | 1 Netbox Project | 1 Netbox | 2024-02-02 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Create Locations (/dcim/locations/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||||
| CVE-2023-33787 | 1 Netbox Project | 1 Netbox | 2024-02-02 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Create Tenant Groups (/tenancy/tenant-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||||
| CVE-2023-33785 | 1 Netbox Project | 1 Netbox | 2024-02-02 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Create Rack Roles (/dcim/rack-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||||
| CVE-2023-33795 | 1 Netbox Project | 1 Netbox | 2024-02-02 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||||