CVE-2023-30148
6.1 MEDIUMMultiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* v...
Published: 2023-10-14 · Last updated: 2026-06-12
Severity and scoring
- CVSS
- 6.1 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
- CWE
- CWE-79
Affected products
| Vendor | Product |
|---|---|
| store-opart | multi_html_block |
Description
Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the body_text or body_text_rude field in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2023-36263 — Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection (9.8 CRITICAL)
- CVE-2023-34576 — SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands v... (9.8 CRITICAL)
- CVE-2023-34575 — SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSave... (9.8 CRITICAL)
Same CWE
- CVE-2026-12202 — A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3 (2.4 LOW)
- CVE-2026-12176 — A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 (4.3 MEDIUM)
- CVE-2026-5513 — The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '... (7.2 HIGH)
- CVE-2026-9629 — The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including... (6.4 MEDIUM)
- CVE-2026-3297 — The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Anc... (6.4 MEDIUM)