Export limit exceeded: 344892 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45421 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3521 | 1 Fossbilling | 1 Fossbilling | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4. | ||||
| CVE-2023-3506 | 1 Activeitzone | 1 Active Ecommerce Cms | 2024-11-21 | 3.5 Low |
| A vulnerability was found in Active It Zone Active eCommerce CMS 6.5.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ecommerce/support_ticket of the component Create Ticket Page. The manipulation of the argument details with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. VDB-232954 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3505 | 1 Onesttech | 1 Onest Customer Relation Management System | 2024-11-21 | 3.5 Low |
| A vulnerability was found in Onest CRM 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/project/update/2 of the component Project List Handler. The manipulation of the argument name with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-232953 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3481 | 1 Google | 1 Critters | 2024-11-21 | 5.7 Medium |
| Critters versions 0.0.17-0.0.19 have an issue when parsing the HTML, which leads to a potential cross-site scripting (XSS) bug. We recommend upgrading to version 0.0.20 of the extension. | ||||
| CVE-2023-3479 | 1 Hestiacp | 2 Control Panel, Hestiacp | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. | ||||
| CVE-2023-3477 | 1 Rocketsoft | 1 Rocket Lms | 2024-11-21 | 3.5 Low |
| A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been declared as problematic. This vulnerability affects unknown code of the file /contact/store of the component Contact Form. The manipulation of the argument name/subject/message leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-232756. | ||||
| CVE-2023-3476 | 1 Simplephpscripts | 1 Guestbook Script | 2024-11-21 | 3.5 Low |
| A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It has been classified as problematic. This affects an unknown part of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232755. | ||||
| CVE-2023-3475 | 1 Simplephpscripts | 1 Event Script | 2024-11-21 | 3.5 Low |
| A vulnerability was found in SimplePHPscripts Event Script 2.1 and classified as problematic. Affected by this issue is some unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. It is recommended to upgrade the affected component. VDB-232754 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-3469 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 4.8 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2. | ||||
| CVE-2023-3466 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2024-11-21 | 8.3 High |
| Reflected Cross-Site Scripting (XSS) | ||||
| CVE-2023-3465 | 1 Simplephpscripts | 1 Classified Ads Script Php | 2024-11-21 | 3.5 Low |
| A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file user.php of the component HTTP POST Request Handler. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232711. | ||||
| CVE-2023-3464 | 1 Simplephpscripts | 1 Classified Ads Script Php | 2024-11-21 | 3.5 Low |
| A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been classified as problematic. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation of the argument p leads to cross site scripting. It is possible to launch the attack remotely. It is recommended to upgrade the affected component. VDB-232710 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-3445 | 1 Denkgroot | 1 Spina | 2024-11-21 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository spinacms/spina prior to 2.15.1. | ||||
| CVE-2023-3382 | 1 Game Result Matrix System Project | 1 Game Result Matrix System | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Game Result Matrix System 1.0. Affected by this issue is some unknown functionality of the file /dipam/save-delegates.php of the component GET Parameter Handler. The manipulation of the argument del_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-232238 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-3319 | 1 Idisplay | 1 Platplay Ds | 2024-11-21 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iDisplay PlatPlay DS allows Stored XSS.This issue affects PlatPlay DS: before 3.14. | ||||
| CVE-2023-3318 | 1 Resort Management System Project | 1 Resort Management System | 2024-11-21 | 3.5 Low |
| A vulnerability was found in SourceCodester Resort Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231937 was assigned to this vulnerability. | ||||
| CVE-2023-3264 | 2 Cyberpower, Dataprobe | 45 Powerpanel Server, Iboot-pdu4-c20, Iboot-pdu4-c20 Firmware and 42 more | 2024-11-21 | 6.7 Medium |
| The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records. | ||||
| CVE-2023-3262 | 1 Dataprobe | 45 Iboot-pdu4-c20, Iboot-pdu4-c20 Firmware, Iboot-pdu4-n20 and 42 more | 2024-11-21 | 6.7 Medium |
| The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records. | ||||
| CVE-2023-3237 | 1 Otcms | 1 Otcms | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231508. | ||||
| CVE-2023-3196 | 1 Capensis | 1 Canopsis | 2024-11-21 | 4.7 Medium |
| This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel. | ||||