Total: 24390 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-5304 | | | 2023-09-30 | N/A | N/A |
A vulnerability has been found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /book-services.php of the component Service Booking. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-240943. | |||||
CVE-2023-5305 | | | 2023-09-30 | N/A | N/A |
A vulnerability was found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /mail.php of the component Contact Us Page. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-240944. | |||||
CVE-2023-5303 | | | 2023-09-30 | N/A | N/A |
A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Affected is an unknown function of the file /view-booking-detail.php of the component Account Detail Handler. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. VDB-240942 is the identifier assigned to this vulnerability. | |||||
CVE-2023-5302 | | | 2023-09-30 | N/A | N/A |
A vulnerability, which was classified as problematic, has been found in SourceCodester Best Courier Management System 1.0. This issue affects some unknown processing of the component Manage Account Page. The manipulation of the argument First Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240941 was assigned to this vulnerability. | |||||
CVE-2023-5295 | | | 2023-09-30 | N/A | 6.4 MEDIUM |
The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2022-45033 | 1 Oretnom23 | 1 Expense Tracker | 2023-09-30 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field. | |||||
CVE-2023-44048 | 1 Oretnom23 | 1 Expense Tracker | 2023-09-30 | N/A | 5.4 MEDIUM |
Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add category. | |||||
CVE-2023-41691 | 1 Pensopay | 1 Woocommerce Pensopay | 2023-09-30 | N/A | 6.1 MEDIUM |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay WooCommerce PensoPay plugin <= 6.3.1 versions. | |||||
CVE-2023-5320 | | | 2023-09-30 | N/A | N/A |
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | |||||
CVE-2023-5287 | | | 2023-09-30 | N/A | N/A |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in BEECMS 4.0. This affects an unknown part of the file /admin/admin_content_tag.php?action=save_content. The manipulation of the argument tag leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240915. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2023-5286 | | | 2023-09-30 | N/A | N/A |
A vulnerability, which was classified as problematic, has been found in SourceCodester Expense Tracker App v1. Affected by this issue is some unknown functionality of the file add_category.php of the component Category Handler. The manipulation of the argument category_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240914 is the identifier assigned to this vulnerability. | |||||
CVE-2023-5319 | | | 2023-09-30 | N/A | N/A |
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | |||||
CVE-2023-5316 | | | 2023-09-30 | N/A | N/A |
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | |||||
CVE-2023-5317 | | | 2023-09-30 | N/A | N/A |
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | |||||
CVE-2023-43871 | 1 Wbce | 1 Wbce Cms | 2023-09-29 | N/A | 5.4 MEDIUM |
A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). | |||||
CVE-2023-43872 | 1 Cmsmadesimple | 1 Cmsmadesimple | 2023-09-29 | N/A | 5.4 MEDIUM |
A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). | |||||
CVE-2023-44173 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2023-09-29 | N/A | 5.4 MEDIUM |
Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability. | |||||
CVE-2023-43873 | 1 E107 | 1 E107 Cms | 2023-09-29 | N/A | 5.4 MEDIUM |
A Cross Site Scripting (XSS) vulnerability in e107 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name field in the Manage Menu. | |||||
CVE-2023-43874 | 1 E107 | 1 E107 Cms | 2023-09-29 | N/A | 5.4 MEDIUM |
Multiple Cross Site Scripting (XSS) vulnerabilities in e107 CMS v.2.3.2 allow a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu. | |||||
CVE-2023-43876 | 1 Octobercms | 1 October | 2023-09-29 | N/A | 5.4 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field. |