Export limit exceeded: 45472 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45472 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5316 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | ||||
| CVE-2023-5305 | 1 Anujk305 | 1 Online Banquet Booking System | 2024-11-21 | 3.5 Low |
| A vulnerability was found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /mail.php of the component Contact Us Page. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-240944. | ||||
| CVE-2023-5304 | 1 Anujk305 | 1 Online Banquet Booking System | 2024-11-21 | 3.5 Low |
| A vulnerability has been found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /book-services.php of the component Service Booking. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-240943. | ||||
| CVE-2023-5303 | 1 Phpgurukul | 1 Online Banquet Booking System | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Affected is an unknown function of the file /view-booking-detail.php of the component Account Detail Handler. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. VDB-240942 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-5302 | 1 Mayurik | 1 Best Courier Management System | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Best Courier Management System 1.0. This issue affects some unknown processing of the component Manage Account Page. The manipulation of the argument First Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240941 was assigned to this vulnerability. | ||||
| CVE-2023-5287 | 1 Beecms | 1 Beecms | 2024-11-21 | 2.4 Low |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in BEECMS 4.0. This affects an unknown part of the file /admin/admin_content_tag.php?action=save_content. The manipulation of the argument tag leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240915. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-5286 | 1 Oretnom23 | 1 Expense Tracker | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Expense Tracker App v1. Affected by this issue is some unknown functionality of the file add_category.php of the component Category Handler. The manipulation of the argument category_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240914 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-5244 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0. | ||||
| CVE-2023-5210 | 1 Amp-cloud | 1 Amp Plus | 2024-11-21 | 6.1 Medium |
| The AMP+ Plus WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2023-5209 | 1 Booking-wp-plugin | 1 Bookly | 2024-11-21 | 4.8 Medium |
| The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-5141 | 1 Bannersky | 1 Bsk Contact Form 7 Blacklist | 2024-11-21 | 6.1 Medium |
| The BSK Contact Form 7 Blacklist WordPress plugin through 1.0.1 does not sanitise and escape the inserted_count parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2023-5140 | 1 Computy | 1 Bonus For Woo | 2024-11-21 | 6.1 Medium |
| The Bonus for Woo WordPress plugin before 5.8.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2023-5119 | 1 Incsub | 1 Forminator | 2024-11-21 | 4.8 Medium |
| The Forminator WordPress plugin before 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup). | ||||
| CVE-2023-5113 | 1 Hp | 1133 Color Laserjet Enterprise 5700 49k98a, Color Laserjet Enterprise 5700 6qn28a, Color Laserjet Enterprise 6700 49l00a and 1130 more | 2024-11-21 | 6.1 Medium |
| Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI. | ||||
| CVE-2023-5112 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "specials_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2023-5111 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "featured_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2023-5074 | 1 Dlink | 1 D-view 8 | 2024-11-21 | 9.8 Critical |
| Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28 | ||||
| CVE-2023-5060 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1. | ||||
| CVE-2023-5026 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2024-11-21 | 3.5 Low |
| A vulnerability classified as problematic has been found in Tongda OA 11.10. Affected is an unknown function of the file /general/ipanel/menu_code.php?MENU_TYPE=FAV. The manipulation of the argument OA_SUB_WINDOW leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239868. | ||||
| CVE-2023-5025 | 1 Koha | 1 Koha | 2024-11-21 | 3.5 Low |
| A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239866 is the identifier assigned to this vulnerability. | ||||