Export limit exceeded: 45436 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45436 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40350 | 1 Jenkins | 1 Docker Swarm | 2024-11-21 | 5.4 Medium |
| Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker. | ||||
| CVE-2023-40346 | 1 Jenkins | 1 Shortcut Job | 2024-11-21 | 5.4 Medium |
| Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs. | ||||
| CVE-2023-40342 | 1 Jenkins | 1 Flaky Test Handler | 2024-11-21 | 5.4 Medium |
| Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents. | ||||
| CVE-2023-40333 | 1 Qodeinteractive | 1 Bridge Core | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Qode Interactive Bridge Core plugin <= 3.0.9 versions. | ||||
| CVE-2023-40330 | 1 Dev4press | 1 Gd Security Headers | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Milan Petrovic GD Security Headers plugin <= 1.6.1 versions. | ||||
| CVE-2023-40329 | 1 Wpzest | 1 Custom Admin Login Page \| Wpzest Plugin | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPZest Custom Admin Login Page | WPZest plugin <= 1.2.0 versions. | ||||
| CVE-2023-40328 | 1 Carrrot | 1 Carrrot | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Carrrot plugin <= 1.1.0 versions. | ||||
| CVE-2023-40314 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | 5.8 Medium |
| Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Moshe Apelbaum for reporting this issue. | ||||
| CVE-2023-40312 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | 6.7 Medium |
| Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that an attacker can modify to craft a malicious XSS payload. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Jordi Miralles Comins for reporting this issue. | ||||
| CVE-2023-40311 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | 6.7 Medium |
| Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an attacker to store on database and then load on JSPs or Angular templates. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Jordi Miralles Comins for reporting this issue. | ||||
| CVE-2023-40300 | 1 Netscout | 1 Ngeniuspulse | 2024-11-21 | 9.8 Critical |
| NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key. | ||||
| CVE-2023-40281 | 1 Ec-cube | 2 Ec-cube, Ec-cube 2 | 2024-11-21 | 4.8 Medium |
| EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using the product. | ||||
| CVE-2023-40214 | 1 Bestdivichild | 1 Business Pro | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vathemes Business Pro theme <= 1.10.4 versions. | ||||
| CVE-2023-40208 | 1 Urosevic | 1 Stock Ticker | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aleksandar Urošević Stock Ticker plugin <= 3.23.3 versions. | ||||
| CVE-2023-40205 | 1 Pixelgrade | 1 Pixtypes | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pixelgrade PixTypes plugin <= 1.4.15 versions. | ||||
| CVE-2023-40197 | 1 Flowpaper | 1 Flowpaper | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Devaldi Ltd flowpaper plugin <= 1.9.9 versions. | ||||
| CVE-2023-40196 | 1 Imagerecycle | 1 Imagerecycle Pdf \& Image Compression | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin <= 3.1.11 versions. | ||||
| CVE-2023-40176 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 9.1 Critical |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop down (no free text value) it can still be set from JavaScript (using the browser developer tools) or by calling the save URL on the user profile with the right query string. Once the time zone is set it is displayed without escaping which means the payload gets executed for any user that visits the malicious user profile, allowing the attacker to steal information and even gain more access rights (escalation to programming rights). This issue is present since version 4.1M2 when the time zone user preference was introduced. The issue has been fixed in XWiki 14.10.5 and 15.1RC1. | ||||
| CVE-2023-40153 | 1 Dexma | 1 Dexgate | 2024-11-21 | 5.4 Medium |
| The affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary Java Script by injecting an XSS payload into the 'hostname' parameter of the vulnerable software. | ||||
| CVE-2023-40143 | 1 Westermo | 2 L206-f2g, L206-f2g Firmware | 2024-11-21 | 5.4 Medium |
| An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter. | ||||