A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019.
CWE-79
CVE-2023-0650
A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.12 is able to address this issue. The name of the patch is a1442a2bacc3335461b44c250e81f8d99c60735f. It is recommended to upgrade the affected component. The identifier VDB-220037 was assigned to this vulnerability.
CVE-2023-0676
Cross-site Scripting (XSS) – Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
CVE-2023-0677
Cross-site Scripting (XSS) – Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.
CVE-2023-0380
The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0410
Cross-site Scripting (XSS) – Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5.