CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-3784 – Dooblou WiFi File Explorer cross site scripting
https://notcve.org/view.php?id=CVE-2023-3784
A vulnerability was found in Dooblou WiFi File Explorer 1.13.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument search/order/download/mode leads to cross site scripting. The attack can be launched remotely. • https://seclists.org/fulldisclosure/2023/Jul/37 https://vuldb.com/?ctiid.235051 https://vuldb.com/?id.235051 https://www.vulnerability-lab.com/get_content.php?id=2317 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-3783 – Webile HTTP POST Request cross site scripting
https://notcve.org/view.php?id=CVE-2023-3783
A vulnerability was found in Webile 1.0.1. It has been classified as problematic. Affected is an unknown function of the component HTTP POST Request Handler. The manipulation of the argument new_file_name/c leads to cross site scripting. It is possible to launch the attack remotely. • https://seclists.org/fulldisclosure/2023/Jul/38 https://vuldb.com/?ctiid.235050 https://vuldb.com/?id.235050 https://www.vulnerability-lab.com/get_content.php?id=2321 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0431 – File Away <= 3.9.9.0.1 - Contributor+ Stored XSS via Shortcode
https://notcve.org/view.php?id=CVE-2023-0431
The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. The File Away plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.9.9.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/fdcbd9a3-552d-439e-b283-1d3d934889af • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2678 – SourceCodester File Tracker Manager System POST Parameter save_user.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-2678
A vulnerability has been found in SourceCodester File Tracker Manager System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /file_manager/admin/save_user.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/csbsong/bug_report/blob/main/XSS.md https://vuldb.com/?ctiid.228892 https://vuldb.com/?id.228892 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2643 – SourceCodester File Tracker Manager System POST Parameter update_password.php sql injection
https://notcve.org/view.php?id=CVE-2023-2643
A vulnerability classified as critical was found in SourceCodester File Tracker Manager System 1.0. This vulnerability affects unknown code of the file register/update_password.php of the component POST Parameter Handler. The manipulation of the argument new_password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/GZRsecurity/cve/blob/main/SQLi.md https://vuldb.com/?ctiid.228772 https://vuldb.com/?id.228772 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •