Export limit exceeded: 45616 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45616 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1884 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-02-10 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2023-1885 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-02-10 | 6.3 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2023-1892 | 1 Contribsys | 1 Sidekiq | 2025-02-10 | 9.6 Critical |
| Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8. | ||||
| CVE-2024-22288 | 1 Webtoffee | 1 Woocommerce Pdf Invoices\, Packing Slips\, Delivery Notes And Shipping Labels | 2025-02-10 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Reflected XSS.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.4.0. | ||||
| CVE-2024-21990 | 1 Netapp | 1 Ontap Select Deploy Administration Utility | 2025-02-10 | 5.4 Medium |
| ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials. | ||||
| CVE-2024-3616 | 1 Oretnom23 | 1 Warehouse Management System | 2025-02-10 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Warehouse Management System 1.0. This vulnerability affects unknown code of the file pengguna.php. The manipulation of the argument admin_user/admin_nama/admin_alamat/admin_telepon leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260272. | ||||
| CVE-2023-1851 | 1 Online Payroll System Project | 1 Online Payroll System | 2025-02-10 | 3.5 Low |
| A vulnerability classified as problematic has been found in SourceCodester Online Payroll System 1.0. This affects an unknown part of the file /admin/employee_add.php. The manipulation of the argument of leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224991. | ||||
| CVE-2023-1853 | 1 Online Payroll System Project | 1 Online Payroll System | 2025-02-10 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Online Payroll System 1.0. This issue affects some unknown processing of the file /admin/employee_edit.php. The manipulation of the argument of leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224993 was assigned to this vulnerability. | ||||
| CVE-2022-47053 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-02-10 | 5.4 Medium |
| An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file. | ||||
| CVE-2023-28636 | 1 Glpi-project | 1 Glpi | 2025-02-10 | 4.5 Medium |
| GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7. | ||||
| CVE-2023-28849 | 1 Glpi-project | 1 Glpi | 2025-02-10 | 10 Critical |
| GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to perform XSS attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.7 contains a patch for this issue. As a workaround, disable native inventory. | ||||
| CVE-2023-28852 | 1 Glpi-project | 1 Glpi | 2025-02-10 | 4.8 Medium |
| GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versions 9.5.13 and 10.0.7 contain a patch for this issue. | ||||
| CVE-2023-27666 | 1 Auto Dealer Management System Project | 1 Auto Dealer Management System | 2025-02-10 | 6.1 Medium |
| Auto Dealer Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the name parameter at /classes/SystemSettings.php?f=update_settings. | ||||
| CVE-2023-27572 | 1 Commscope | 2 Dg3450, Dg3450 Firmware | 2025-02-10 | 6.1 Medium |
| An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. A reflected XSS vulnerability was discovered in the https_redirect.php web page via the page parameter. | ||||
| CVE-2023-29014 | 1 Intranda | 1 Goobi Viewer Core | 2025-02-10 | 6.1 Medium |
| The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A reflected cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when evaluating the LOGID parameter. An attacker could trick a user into following a specially crafted link to a Goobi viewer installation, resulting in the execution of malicious script code in the user's browser. The vulnerability has been fixed in version 23.03. | ||||
| CVE-2023-29015 | 1 Intranda | 1 Goobi Viewer Core | 2025-02-10 | 6.1 Medium |
| The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user's browser when displaying the comment. The vulnerability has been fixed in version 23.03. | ||||
| CVE-2023-29016 | 1 Intranda | 1 Goobi Viewer Core | 2025-02-10 | 6.1 Medium |
| The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when using nicknames. An attacker could create a user account and enter malicious scripts into their profile's nickname, resulting in the execution in the user's browser when displaying the nickname on certain pages. The vulnerability has been fixed in version 23.03. | ||||
| CVE-2024-3443 | 1 Fast5 | 1 Prison Management System | 2025-02-10 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/apply_leave.php. The manipulation of the argument txtstart_date/txtend_date leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259696. | ||||
| CVE-2024-4512 | 1 Fast5 | 1 Prison Management System | 2025-02-10 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/edit-profile.php. The manipulation of the argument txtfullname/txtdob/txtaddress/txtqualification/cmddept/cmdemployeetype/txtappointment leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263116. | ||||
| CVE-2024-4528 | 1 Fast5 | 1 Prison Management System | 2025-02-10 | 2.4 Low |
| A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /Admin/user-record.php. The manipulation of the argument txtfullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263131. | ||||