Export limit exceeded: 345064 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45442 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43879 | 1 Ritecms | 1 Ritecms | 2024-11-21 | 4.8 Medium |
| Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu. | ||||
| CVE-2023-43878 | 1 Ritecms | 1 Ritecms | 2024-11-21 | 5.4 Medium |
| Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu. | ||||
| CVE-2023-43877 | 1 Ritecms | 1 Ritecms | 2024-11-21 | 4.8 Medium |
| Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu. | ||||
| CVE-2023-43876 | 1 Octobercms | 1 October | 2024-11-21 | 5.4 Medium |
| A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field. | ||||
| CVE-2023-43875 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 6.1 Medium |
| Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail. | ||||
| CVE-2023-43874 | 1 E107 | 1 E107 Cms | 2024-11-21 | 5.4 Medium |
| Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu. | ||||
| CVE-2023-43873 | 1 E107 | 1 E107 Cms | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name filed in the Manage Menu. | ||||
| CVE-2023-43872 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 5.4 Medium |
| A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). | ||||
| CVE-2023-43871 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | 5.4 Medium |
| A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). | ||||
| CVE-2023-43830 | 1 Intelliants | 1 Subrion | 2024-11-21 | 5.4 Medium |
| A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'. | ||||
| CVE-2023-43828 | 1 Intelliants | 1 Subrion | 2024-11-21 | 5.4 Medium |
| A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Title' parameter. | ||||
| CVE-2023-43797 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 6.3 Medium |
| BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby messages starting in versions 2.6.11 and 2.7.0-beta.3. There are no known workarounds. | ||||
| CVE-2023-43763 | 1 Withsecure | 1 F-secure Policy Manager | 2024-11-21 | 6.1 Medium |
| Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. This affects WithSecure Policy Manager 15 on Windows and Linux. | ||||
| CVE-2023-43735 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "formats_titles[7]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2023-43734 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2023-43733 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "company_address" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2023-43732 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tax_class_title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2023-43731 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "zone_name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2023-43730 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "countries_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2023-43729 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "xsell_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||