CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-40045 In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Ad Hoc Transfer module. An attacker could leverage this vulnera... | 8.3 | HIGH | – | 0 |
| CVE-2023-40046 In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure a... | 8.2 | HIGH | – | 0 |
| CVE-2023-40047 In WS_FTP Server version prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. An attacker with administrative privileges could import a SS... | 8.3 | HIGH | – | 0 |
| CVE-2023-40048 In WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server admini... | 6.8 | MEDIUM | – | 0 |
| CVE-2023-40049 In WS_FTP Server version prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing. | 5.3 | MEDIUM | – | 0 |
| CVE-2023-40330 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Milan Petrovic GD Security Headers plugin <= 1.6.1 versions. | 7.1 | HIGH | – | 0 |
| CVE-2023-40333 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Qode Interactive Bridge Core plugin <= 3.0.9 versions. | 7.1 | HIGH | – | 0 |
| CVE-2023-40443 The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to gain root privileges. | 7.8 | HIGH | – | 0 |
| CVE-2023-40451 This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code. | 8.8 | HIGH | – | 0 |
| CVE-2023-40532 Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server. | 4.3 | MEDIUM | – | 0 |
| CVE-2023-40604 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jes Madsen Cookies by JM plugin <= 1.0 versions. | 5.9 | MEDIUM | – | 0 |
| CVE-2023-40605 Auth. (contributor) Cross-Site Scripting (XSS) vulnerability in 93digital Typing Effect plugin <= 1.3.6 versions. | 6.5 | MEDIUM | – | 0 |
| CVE-2023-40663 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rextheme WP VR plugin <= 8.3.4 versions. | 7.1 | HIGH | – | 0 |
| CVE-2023-40664 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy – Smart Donations plugin <= 4.0.12 versions. | 7.1 | HIGH | – | 0 |
| CVE-2023-40665 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfcrowd Save as Image plugin by Pdfcrowd plugin <= 2.16.0 versions. | 5.9 | MEDIUM | – | 0 |
| CVE-2023-40667 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lasso Simple URLs plugin <= 117 versions. | 7.1 | HIGH | – | 0 |
| CVE-2023-40668 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd plugin <= 2.16.0 versions. | 5.9 | MEDIUM | – | 0 |
| CVE-2023-40669 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in twinpictures, baden03 Collapse-O-Matic plugin <= 1.8.5.5 versions. | 6.5 | MEDIUM | – | 0 |
| CVE-2023-40675 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PluginOps Landing Page Builder plugin <= 1.5.1.2 versions. | 5.9 | MEDIUM | – | 0 |
| CVE-2023-40676 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin <= 5.0.8 versions. | 5.9 | MEDIUM | – | 0 |
| CVE-2023-40677 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical marquee plugin <= 7.1 versions. | 5.9 | MEDIUM | – | 0 |
| CVE-2023-41074 The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. | 8.8 | HIGH | – | 0 |
| CVE-2023-41235 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Everest News Pro theme <= 1.1.7 versions. | 7.1 | HIGH | – | 0 |
| CVE-2023-41236 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Happy addons Happy Elementor Addons Pro plugin <= 2.8.0 versions. | 7.1 | HIGH | – | 0 |
| CVE-2023-41237 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Arya Multipurpose Pro theme <= 1.0.8 versions. | 7.1 | HIGH | – | 0 |
| CVE-2023-4316 Zod in versions 3.21.0 up to and including 3.22.3 allows an attacker to perform a denial of service while validating emails. | 7.5 | HIGH | – | 0 |
| CVE-2023-41238 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in UltimatelySocial Social Media Share Buttons & Social Sharing Icons plugin <= 2.8.3 versions. | 7.1 | HIGH | – | 0 |
| CVE-2023-41241 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SureCart WordPress Ecommerce For Creating Fast Online Stores plugin <= 2.5.0 versions. | 5.9 | MEDIUM | – | 0 |
| CVE-2023-41242 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hassan Ali Snap Pixel plugin <= 1.5.7 versions. | 5.9 | MEDIUM | – | 0 |
| CVE-2023-41305 Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality. | 7.5 | HIGH | – | 0 |
| CVE-2023-41306 Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable. | 3.7 | LOW | – | 0 |
| CVE-2023-41307 Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability. | 7.5 | HIGH | – | 0 |
| CVE-2023-41308 Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality. | 7.5 | HIGH | – | 0 |
| CVE-2023-41309 Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of this vulnerability may affect availability. | 7.5 | HIGH | – | 0 |
| CVE-2023-41310 Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this vulnerability may cause malicious apps to run continuously in the background. | 3.3 | LOW | – | 0 |
| CVE-2023-41311 Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically. | 5.3 | MEDIUM | – | 0 |
| CVE-2023-41326 GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A logged ... | 8.1 | HIGH | – | 0 |
| CVE-2023-41312 Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically. | 5.3 | MEDIUM | – | 0 |
| CVE-2023-41320 GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout... | 8.1 | HIGH | – | 0 |
| CVE-2023-41321 GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API us... | 4.9 | MEDIUM | – | 0 |
| CVE-2023-41322 GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A user wi... | 4.9 | MEDIUM | – | 0 |
| CVE-2023-41323 GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauth... | 5.3 | MEDIUM | – | 0 |
| CVE-2023-41324 GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API us... | 8.1 | HIGH | – | 0 |
| CVE-2023-41332 Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with `policy.cilium.io/... | 3.5 | LOW | – | 0 |
| CVE-2023-41333 Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is abl... | 6.9 | MEDIUM | – | 0 |
| CVE-2023-41335 Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. Whil... | 3.7 | LOW | – | 0 |
| CVE-2023-41653 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Beplus Sermon'e – Sermons Online plugin <= 1.0.0 versions. | 7.1 | HIGH | – | 0 |
| CVE-2023-41860 Unauth. Cross-Site Scripting (XSS) vulnerability in TravelMap plugin <= 1.0.1 versions. | 5.8 | MEDIUM | – | 0 |
| CVE-2023-41861 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Restrict plugin <= 2.2.4 versions. | 7.1 | HIGH | – | 0 |
| CVE-2023-41878 MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Mete... | 4.6 | MEDIUM | – | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.