Search Results (45472 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5562 | 1 Knime | 1 Knime Analytics Platform | 2024-11-21 | 6.1 Medium |
| An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub, several JavaScript-based view nodes do not sanitize the data that is displayed by default. If the data to be displayed contains JavaScript, this code is executed in the browser and can silently perform any operations that the current user is allowed to perform. KNIME Analytics Platform already has configuration options with which sanitization of data can be activated, see https://docs.knime.com/latest/webportal_admin_guide/index.html#html-sanitization-webportal . However, these are off by default, which allows for cross-site scripting attacks. KNIME Analytics Platform 5.2.0 will enable sanitization by default. For all previous releases we recommend users to add the corresponding settings to the executor's knime.ini. | ||||
| CVE-2023-5558 | 1 Thimpress | 1 Learnpress | 2024-11-21 | 6.1 Medium |
| The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2023-5556 | 1 Structurizr | 1 On-premises Installation | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194. | ||||
| CVE-2023-5547 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 3.3 Low |
| The course upload preview contained an XSS risk for users uploading unsafe data. | ||||
| CVE-2023-5546 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 4.3 Medium |
| ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. | ||||
| CVE-2023-5544 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. | ||||
| CVE-2023-5541 | 1 Moodle | 1 Moodle | 2024-11-21 | 3.3 Low |
| The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. | ||||
| CVE-2023-5530 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 4.8 Medium |
| The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc.; however, the vendor acknowledged and fixed the issue. | ||||
| CVE-2023-5458 | 1 Ashik | 1 Cits Support Svg, Webp Media And Ttf,otf File Upload | 2024-11-21 | 5.4 Medium |
| The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin before 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | ||||
| CVE-2023-5452 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2. | ||||
| CVE-2023-5421 | 1 Otrs | 1 Otrs | 2024-11-21 | 3.5 Low |
| An attacker who is logged into OTRS as a user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediately after the data is saved. The issue only occurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34. | ||||
| CVE-2023-5351 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1. | ||||
| CVE-2023-5348 | 1 Multivendorx | 1 Product Catalog Mode For Woocommerce | 2024-11-21 | 6.1 Medium |
| The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users. | ||||
| CVE-2023-5343 | 1 Ays-pro | 1 Popup Box | 2024-11-21 | 4.8 Medium |
| The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | ||||
| CVE-2023-5325 | 1 Levantoan | 1 Woocommerce Vietnam Checkout | 2024-11-21 | 6.1 Medium |
| The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field on the checkout form, leading to XSS. | ||||
| CVE-2023-5323 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp/crm | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0. | ||||
| CVE-2023-5320 | 2 Phpmyfaq, Thorsten | 2 Phpmyfaq, Phpmyfaq | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | ||||
| CVE-2023-5319 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | ||||
| CVE-2023-5318 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.5 High |
| Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0. | ||||
| CVE-2023-5317 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | ||||