Export limit exceeded: 345014 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345014 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45437 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41940 | 1 Jenkins | 1 Tap | 2024-11-21 | 5.4 Medium |
| Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents. | ||||
| CVE-2023-41931 | 1 Jenkins | 1 Job Configuration History | 2024-11-21 | 5.4 Medium |
| Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability. | ||||
| CVE-2023-41922 | 1 Kiloview | 4 P1, P1 Firmware, P2 and 1 more | 2024-11-21 | 7.2 High |
| A 'Cross-site Scripting' (XSS) vulnerability, characterized by improper input neutralization during web page generation, has been discovered. This vulnerability allows for Stored XSS attacks to occur. Multiple areas within the administration interface of the webserver lack adequate input validation, resulting in multiple instances of Stored XSS vulnerabilities. | ||||
| CVE-2023-41919 | 1 Kiloview | 4 P1, P1 Firmware, P2 and 1 more | 2024-11-21 | 9.8 Critical |
| Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access. | ||||
| CVE-2023-41905 | 1 Netscout | 1 Ngeniusone | 2024-11-21 | 5.4 Medium |
| NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting (XSS) vulnerability by an authenticated user. | ||||
| CVE-2023-41895 | 1 Home-assistant | 1 Home-assistant | 2024-11-21 | 8.8 High |
| Home assistant is an open source home automation. The Home Assistant login page allows users to use their local Home Assistant credentials and log in to another website that specifies the `redirect_uri` and `client_id` parameters. Although the `redirect_uri` validation typically ensures that it matches the `client_id` and the scheme represents either `http` or `https`, Home Assistant will fetch the `client_id` and check for `<link rel="redirect_uri" href="...">` HTML tags on the page. These URLs are not subjected to the same scheme validation and thus allow for arbitrary JavaScript execution on the Home Assistant administration page via usage of `javascript:` scheme URIs. This Cross-site Scripting (XSS) vulnerability can be executed on the Home Assistant frontend domain, which may be used for a full takeover of the Home Assistant account and installation. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-41878 | 1 Metersphere | 1 Metersphere | 2024-11-21 | 4.6 Medium |
| MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere is using a weak password by default, attackers can login to vnc and obtain high permissions. This issue has been addressed in version 2.10.7 LTS. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-41874 | 1 Tychesoftwares | 1 Order Delivery Date For Woocommerce | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce plugin <= 3.20.0 versions. | ||||
| CVE-2023-41872 | 1 Xtemos | 1 Woodmart | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos WoodMart plugin <= 7.2.4 versions. | ||||
| CVE-2023-41871 | 1 Ays-pro | 1 Poll Maker | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Poll Maker Team Poll Maker plugin <= 4.7.0 versions. | ||||
| CVE-2023-41868 | 1 Codestag | 1 Stagtools | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ram Ratan Maurya, Codestag StagTools plugin <= 2.3.7 versions. | ||||
| CVE-2023-41867 | 1 Acymailing | 1 Acymailing | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMailing Newsletter Team AcyMailing plugin <= 8.6.2 versions. | ||||
| CVE-2023-41863 | 1 Peprodev | 1 Peprodev Cf7 Database | 2024-11-21 | 7.1 High |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Pepro Dev. Group PeproDev CF7 Database plugin <= 1.7.0 versions. | ||||
| CVE-2023-41861 | 1 Tickera | 1 Restrict | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Restrict plugin <= 2.2.4 versions. | ||||
| CVE-2023-41860 | 1 Travelmap | 1 Travelmap | 2024-11-21 | 5.8 Medium |
| Unauth. Cross-Site Scripting (XSS) vulnerability in TravelMap plugin <= 1.0.1 versions. | ||||
| CVE-2023-41856 | 1 Clicktotweet | 1 Click To Tweet | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickToTweet.Com Click To Tweet plugin <= 2.0.14 versions. | ||||
| CVE-2023-41855 | 1 Regpacks | 1 Regpack | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Regpacks Regpack plugin <= 0.1 versions. | ||||
| CVE-2023-41847 | 1 Wensolutions | 1 Notice Bar | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WEN Solutions Notice Bar plugin <= 3.1.0 versions. | ||||
| CVE-2023-41815 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 7.5 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Malicious code could be executed in the File Manager section. This issue affects Pandora FMS: from 700 through 774. | ||||
| CVE-2023-41814 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 3.7 Low |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This issue affects Pandora FMS: from 700 through 774. | ||||