CVE-2023-29427

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Booking for Appointments and Events Calendar – Amelia plugin <= 1.0.75 versions.

Source: CVE-2023-29427

CVE-2023-29423

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Cancel order request / Return order / Repeat Order / Reorder for WooCommerce plugin <= 1.3.2 versions.

Source: CVE-2023-29423

CVE-2023-29424

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plainware ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions.

Source: CVE-2023-29424

CVE-2023-1619

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.

Source: CVE-2023-1619

CVE-2023-1620

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.

Source: CVE-2023-1620

CVE-2023-22359

User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames.

Source: CVE-2023-22359

CVE-2023-1150

Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets.

Source: CVE-2023-1150

CVE-2023-29093

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PI Websolution Conditional cart fee plugin <= 1.0.96 versions.

Source: CVE-2023-29093

CVE-2023-28991

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce plugin <= 3.0.19 versions.

Source: CVE-2023-28991

CVE-2023-28992

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP Coupon Affiliates – WooCommerce Affiliate Plugin plugin <= 5.4.3 versions.

Source: CVE-2023-28992