Security Vulnerabilities - CVEs Published In December 2023
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode allows Stored XSS.This issue affects Site Offline Or Coming Soon Or Maintenance Mode: from n/a through 1.5.6.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-12-15
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic GDPR Cookie Consent by Supsystic allows Stored XSS.This issue affects GDPR Cookie Consent by Supsystic: from n/a through 2.1.2.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-12-15
Cross-Site Request Forgery (CSRF) vulnerability in Apasionados, Apasionados del Marketing, NetConsulting DoFollow Case by Case.This issue affects DoFollow Case by Case: from n/a through 3.4.2.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-12-15
Cross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gift Cards for WordPress and WooCommerce.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through 2.21.3.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-12-15
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through 2.3.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-12-15
An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a member of.
CVSS Score
2.0
EPSS Score
0.0
Published
2023-12-15
An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards.
CVSS Score
4.3
EPSS Score
0.0
Published
2023-12-15
Server-Side Request Forgery (SSRF) vulnerability in Elegant Digital Solutions CommentLuv.This issue affects CommentLuv: from n/a through 3.0.4.
CVSS Score
7.2
EPSS Score
0.004
Published
2023-12-15
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin – GetSocial.Io allows Stored XSS.This issue affects Social Share Buttons & Analytics Plugin – GetSocial.Io: from n/a through 4.3.12.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-12-15
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Parallax Slider Block allows Stored XSS.This issue affects Parallax Slider Block: from n/a through 1.2.4.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-12-15