Security Vulnerabilities, CVEs
CVE-2023-50836
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.3.28.
Max CVSS
5.9
Published
2023-12-28
Updated
2023-12-28
EPSS
0.04%
CVE-2023-50835
Cross-Site Request Forgery (CSRF) vulnerability in Praveen Goswami Advanced Category Template. This issue affects Advanced Category Template: from n/a through 0.1.
Max CVSS
8.8
Published
2023-12-19
Updated
2023-12-28
EPSS
0.06%
CVE-2023-50834
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech WooCommerce Menu Extension allows Stored XSS. This issue affects WooCommerce Menu Extension: from n/a through 1.6.2.
Max CVSS
6.5
Published
2023-12-21
Updated
2023-12-30
EPSS
0.05%
CVE-2023-50833
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExtendThemes Colibri Page Builder allows Stored XSS. This issue affects Colibri Page Builder: from n/a through 1.0.239.
Max CVSS
6.5
Published
2023-12-21
Updated
2023-12-29
EPSS
0.05%
CVE-2023-50832
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mondula GmbH Multi Step Form allows Stored XSS. This issue affects Multi Step Form: from n/a through 1.7.13.
Max CVSS
5.9
Published
2023-12-21
Updated
2023-12-30
EPSS
0.05%
CVE-2023-50831
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS. This issue affects CURCY – Multi Currency for WooCommerce: from n/a through 2.2.0.
Max CVSS
6.5
Published
2023-12-21
Updated
2023-12-29
EPSS
0.05%
CVE-2023-50830
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seosbg Seos Contact Form allows Stored XSS. This issue affects Seos Contact Form: from n/a through 1.8.0.
Max CVSS
5.9
Published
2023-12-21
Updated
2023-12-29
EPSS
0.05%
CVE-2023-50829
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS. This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.3.
Max CVSS
5.9
Published
2023-12-21
Updated
2023-12-29
EPSS
0.05%
CVE-2023-50828
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard – Custom WordPress Dashboard allows Stored XSS. This issue affects Ultimate Dashboard – Custom WordPress Dashboard: from n/a through 3.7.11.
Max CVSS
5.9
Published
2023-12-21
Updated
2023-12-29
EPSS
0.05%
CVE-2023-50827
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Accredible Accredible Certificates & Open Badges allows Stored XSS. This issue affects Accredible Certificates & Open Badges: from n/a through 1.4.8.
Max CVSS
5.9
Published
2023-12-21
Updated
2023-12-27
EPSS
0.05%
CVE-2023-50826
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Freshlight Lab Menu Image, Icons made easy allows Stored XSS. This issue affects Menu Image, Icons made easy: from n/a through 3.10.
Max CVSS
5.9
Published
2023-12-21
Updated
2023-12-27
EPSS
0.05%
CVE-2023-50825
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terrier Tenacity iframe Shortcode allows Stored XSS. This issue affects iframe Shortcode: from n/a through 2.0.
Max CVSS
6.5
Published
2023-12-21
Updated
2023-12-28
EPSS
0.05%
CVE-2023-50824
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Batt Insert or Embed Articulate Content into WordPress allows Stored XSS. This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000021.
Max CVSS
6.5
Published
2023-12-21
Updated
2023-12-29
EPSS
0.05%
CVE-2023-50823
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS. This issue affects CSS & JavaScript Toolbox: from n/a through 11.7.
Max CVSS
6.5
Published
2023-12-21
Updated
2023-12-29
EPSS
0.05%
CVE-2023-50822
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Currency.Wiki Currency Converter Widget – Exchange Rates allows Stored XSS. This issue affects Currency Converter Widget – Exchange Rates: from n/a through 3.0.2.
Max CVSS
6.5
Published
2023-12-21
Updated
2023-12-21
EPSS
0.04%
CVE-2023-50784
A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms.
Max CVSS
7.5
Published
2023-12-16
Updated
2023-12-21
EPSS
0.19%
CVE-2023-50783
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable.
This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.
Users are recommended to upgrade to 2.8.0, which fixes this issue.
Max CVSS
6.5
Published
2023-12-21
Updated
2023-12-28
EPSS
0.07%
CVE-2023-50779
Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token.
Max CVSS
4.3
Published
2023-12-13
Updated
2023-12-18
EPSS
0.04%
CVE-2023-50778
A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token.
Max CVSS
8.8
Published
2023-12-13
Updated
2023-12-18
EPSS
0.06%
CVE-2023-50777
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Max CVSS
4.3
Published
2023-12-13
Updated
2023-12-18
EPSS
0.04%
CVE-2023-50776
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
Max CVSS
4.3
Published
2023-12-13
Updated
2023-12-18
EPSS
0.04%
CVE-2023-50775
A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs.
Max CVSS
4.3
Published
2023-12-13
Updated
2023-12-18
EPSS
0.05%
CVE-2023-50774
A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system.
Max CVSS
8.1
Published
2023-12-13
Updated
2023-12-18
EPSS
0.06%
CVE-2023-50773
Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Max CVSS
4.3
Published
2023-12-13
Updated
2023-12-18
EPSS
0.04%
CVE-2023-50772
Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
Max CVSS
4.3
Published
2023-12-13
Updated
2023-12-18
EPSS
0.04%