Export limit exceeded: 23252 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6889 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17. | ||||
| CVE-2023-6838 | 1 Wso2 | 3 Api Manager, Identity Server, Identity Server As Key Manager | 2024-11-21 | 6.1 Medium |
| Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests. | ||||
| CVE-2023-6790 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 8.8 High |
| A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface. | ||||
| CVE-2023-6789 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.3 Medium |
| A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator. | ||||
| CVE-2023-6778 | 1 Clear | 1 Clearml Server | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository allegroai/clearml-server prior to 1.13.0. | ||||
| CVE-2023-6775 | 1 Codeastro | 1 Pos And Inventory Management System | 2024-11-21 | 3.5 Low |
| A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /item/item_con. The manipulation of the argument item_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247911. | ||||
| CVE-2023-6774 | 1 Codeastro | 1 Pos And Inventory Management System | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /accounts_con/register_account. The manipulation of the argument Username with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247910 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-6720 | 1 Europeana | 1 Repox | 2024-11-21 | 5.5 Medium |
| An XSS vulnerability stored in Repox has been identified, which allows a local attacker to store a specially crafted JavaScript payload on the server, due to the lack of proper sanitisation of field elements, allowing the attacker to trigger the malicious payload when the application loads. | ||||
| CVE-2023-6719 | 1 Europeana | 1 Repox | 2024-11-21 | 6.3 Medium |
| An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session. | ||||
| CVE-2023-6673 | 1 Nationalkeep | 1 Cybermath | 2024-11-21 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Reflected XSS.This issue affects CyberMath: from v.1.4 before v.1.5. | ||||
| CVE-2023-6672 | 1 Nationalkeep | 1 Cybermath | 2024-11-21 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Stored XSS.This issue affects CyberMath: from v1.4 before v1.5. | ||||
| CVE-2023-6649 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2024-11-21 | 4.3 Medium |
| A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file index.php. The manipulation of the argument searchdata with the input <script>alert(5)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-247342 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-6616 | 1 Oretnom23 | 1 Simple Student Attendance System | 2024-11-21 | 3.5 Low |
| A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247253 was assigned to this vulnerability. | ||||
| CVE-2023-6609 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | 3.5 Low |
| A vulnerability was found in osCommerce 4. It has been classified as problematic. This affects an unknown part of the file /b2b-supermarket/catalog/all-products. The manipulation of the argument keywords with the input %27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6591 | 1 Ays-pro | 1 Popup Box | 2024-11-21 | 4.8 Medium |
| The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2023-6571 | 1 Kubeflow | 1 Kubeflow | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow | ||||
| CVE-2023-6568 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | 6.1 Medium |
| A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the user without adequate sanitization or escaping, leading to arbitrary JavaScript execution in the context of the victim's browser. The vulnerability is present in the mlflow/server/auth/__init__.py file, where the user-supplied Content-Type header is directly injected into a Python formatted string and returned to the user, facilitating the XSS attack. | ||||
| CVE-2023-6482 | 1 Synaptics | 1 Fingerprint Driver | 2024-11-21 | 5.2 Medium |
| Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database. | ||||
| CVE-2023-6473 | 1 Remyandrade | 1 Online Quiz System | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Online Quiz System 1.0. This affects an unknown part of the file take-quiz.php. The manipulation of the argument quiz_taker/year_section leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246639. | ||||
| CVE-2023-6472 | 1 Phpems | 1 Phpems | 2024-11-21 | 2.4 Low |
| A vulnerability, which was classified as problematic, has been found in PHPEMS 7.0. This issue affects some unknown processing of the file app\content\cls\api.cls.php of the component Content Section Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246629 was assigned to this vulnerability. | ||||