Export limit exceeded: 45574 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45574 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5437 | 1 Oretnom23 | 1 Simple Online Bidding System | 2024-12-09 | 3.5 Low |
| A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as problematic. Affected is the function save_category of the file /admin/index.php?page=categories. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266442 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-33495 | 1 Craftcms | 1 Craft Cms | 2024-12-09 | 6.1 Medium |
| Craft CMS through 4.4.9 is vulnerable to HTML Injection. | ||||
| CVE-2020-21485 | 1 Alluxio | 1 Alluxio | 2024-12-09 | 6.1 Medium |
| Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to executea arbitrary code via the path parameter in the browse board component. | ||||
| CVE-2020-21268 | 1 Easycorp | 1 Zentao | 2024-12-09 | 6.1 Medium |
| Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter. | ||||
| CVE-2023-34461 | 1 Pybb Project | 1 Pybb | 2024-12-09 | 4.6 Medium |
| PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious `<a>` that looks like ```<a href=javascript:alert (1)>xss</a>``` could have been used to run code through JavaScript on the client side. The problem has been patched as of commit `5defd92`, and users are advised to upgrade. Attackers do need posting privilege in order to exploit this vulnerability. This vulnerability is present within the 0.1.0 release, and users are advised to upgrade to 0.1.1. Users unable to upgrade may be able to work around the attack by either; Removing the ability to create posts, removing the `|safe` tag from the Jinja2 template titled "post.html" in templates or by adding manual validation of links in the post creation section. | ||||
| CVE-2023-32659 | 1 Subnet | 1 Powersystem Center | 2024-12-09 | 6.5 Medium |
| SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications. | ||||
| CVE-2024-0011 | 1 Paloaltonetworks | 1 Pan-os | 2024-12-09 | 4.3 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. | ||||
| CVE-2023-4419 | 1 Sick | 7 Lms500, Lms500 Firmware, Lms511 and 4 more | 2024-12-09 | 9.8 Critical |
| The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device. | ||||
| CVE-2022-1002 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 2 Low |
| Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations. | ||||
| CVE-2023-1421 | 1 Mattermost | 1 Mattermost Server | 2024-12-06 | 3.5 Low |
| A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter. | ||||
| CVE-2023-1776 | 1 Mattermost | 1 Mattermost Server | 2024-12-06 | 7.3 High |
| Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file. | ||||
| CVE-2024-38503 | 1 Apache | 1 Syncope | 2024-12-06 | 3.9 Low |
| When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”. Users are recommended to upgrade to version 3.0.8, which fixes this issue. | ||||
| CVE-2023-32274 | 1 Enphase | 1 Installer Toolkit | 2024-12-06 | 8.6 High |
| Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information. | ||||
| CVE-2024-37476 | 1 Automattic | 1 Newspack Popups | 2024-12-06 | 6.5 Medium |
| Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS.This issue affects Newspack Campaigns: from n/a through 2.31.1. | ||||
| CVE-2024-1834 | 1 Oretnom23 | 1 Simple Student Attendance System | 2024-12-06 | 3.5 Low |
| A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as problematic. This affects an unknown part of the file ?page=attendance&class_id=1. The manipulation of the argument class_date with the input 2024-02-23%22%3E%3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254625 was assigned to this vulnerability. | ||||
| CVE-2024-1822 | 1 Phpgurukul | 1 Tourism Management System | 2024-12-06 | 2.4 Low |
| A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System 1.0. Affected is an unknown function of the file user-bookings.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254610 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-29707 | 1 Gbcom | 1 Lac Web Control Center | 2024-12-06 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in GBCOM LAC WEB Control Center version lac-1.3.x, allows attackers to create an arbitrary device. | ||||
| CVE-2023-30347 | 1 Stl | 1 Neox Dial Centre | 2024-12-06 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in Neox Contact Center 2.3.9, via the serach_sms_api_name parameter to the SMA API search. | ||||
| CVE-2023-33725 | 1 Broadleafcommerce | 1 Broadleaf Commerce | 2024-12-06 | 6.1 Medium |
| Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA. | ||||
| CVE-2023-33591 | 1 User Registration \& Login And User Management System Project | 1 User Registration \& Login And User Management System | 2024-12-06 | 6.1 Medium |
| User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php. | ||||