Export limit exceeded: 45472 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45472 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5749 | 1 Wpdeveloper | 1 Embedpress | 2024-11-21 | 6.1 Medium |
| The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2023-5738 | 1 Webtoffee | 1 Backup And Migration | 2024-11-21 | 5.4 Medium |
| The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks. | ||||
| CVE-2023-5701 | 1 Vnote Project | 1 Vnote | 2024-11-21 | 4.3 Medium |
| A vulnerability has been found in vnotex vnote up to 3.17.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Markdown File Handler. The manipulation with the input <xss onclick="alert(1)" style=display:block>Click here</xss> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243139. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-5698 | 1 Martmbithi | 1 Internet Banking System | 2024-11-21 | 3.5 Low |
| A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. This vulnerability affects unknown code of the file pages_deposit_money.php. The manipulation of the argument account_number with the input 421873905--><ScRiPt%20>alert(9523)</ScRiPt><!-- leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243136. | ||||
| CVE-2023-5697 | 1 Martmbithi | 1 Internet Banking System | 2024-11-21 | 3.5 Low |
| A vulnerability classified as problematic has been found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_withdraw_money.php. The manipulation of the argument account_number with the input 287359614--><ScRiPt%20>alert(1234)</ScRiPt><!-- leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243135. | ||||
| CVE-2023-5696 | 1 Martmbithi | 1 Internet Banking System | 2024-11-21 | 3.5 Low |
| A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file pages_transfer_money.php. The manipulation of the argument account_number with the input 357146928--><ScRiPt%20>alert(9206)</ScRiPt><!-- leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-243134 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-5695 | 1 Martmbithi | 1 Internet Banking System | 2024-11-21 | 3.5 Low |
| A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file pages_reset_pwd.php. The manipulation of the argument email with the input testing%40example.com'%26%25<ScRiPt%20>alert(9860)</ScRiPt> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243133 was assigned to this vulnerability. | ||||
| CVE-2023-5694 | 2 Codeastro, Martmbithi | 2 Internet Banking System, Internet Banking System | 2024-11-21 | 3.5 Low |
| A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of the argument sys_name with the input <ScRiPt >alert(991)</ScRiPt> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243132. | ||||
| CVE-2023-5689 | 1 Modoboa | 1 Modoboa | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2. | ||||
| CVE-2023-5688 | 1 Modoboa | 1 Modoboa | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2. | ||||
| CVE-2023-5653 | 1 Wassup Real Time Analytics Project | 1 Wassup Real Time Analytics | 2024-11-21 | 6.1 Medium |
| The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins | ||||
| CVE-2023-5641 | 1 Martinstools | 1 Free \& Easy Link Building | 2024-11-21 | 6.1 Medium |
| The Martins Free & Easy SEO BackLink Link Building Network WordPress plugin before 1.2.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2023-5620 | 1 Webpushr | 1 Web Push Notifications | 2024-11-21 | 5.4 Medium |
| The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks. | ||||
| CVE-2023-5609 | 1 S-sols | 1 Seraphinite Accelerator | 2024-11-21 | 6.1 Medium |
| The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2023-5605 | 1 Kaizencoders | 1 Url Shortify | 2024-11-21 | 4.8 Medium |
| The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-5599 | 1 Dassault | 2 3dswymer 3dexperience 2022, 3dswymer 3dexperience 2023 | 2024-11-21 | 5.4 Medium |
| A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code. | ||||
| CVE-2023-5598 | 1 Dassault | 2 3dswymer 3dexperience 2022, 3dswymer 3dexperience 2023 | 2024-11-21 | 5.4 Medium |
| Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code. | ||||
| CVE-2023-5585 | 1 Oretnom23 | 1 Online Motorcycle \(bike\) Rental System | 2024-11-21 | 2.4 Low |
| A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/?page=bike of the component Bike List. The manipulation of the argument Model with the input "><script>confirm (document.cookie)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242170 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-5581 | 1 Oretnom23 | 1 Medicine Tracker System | 2024-11-21 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242146 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-5564 | 1 Froxlor | 1 Froxlor | 2024-11-21 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1. | ||||