Export limit exceeded: 45466 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45466 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-48172 | 1 Phpjabbers | 1 Shuttle Booking Software | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php. | ||||
| CVE-2023-48116 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 5.4 Medium |
| SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment. | ||||
| CVE-2023-48115 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 5.4 Medium |
| SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request. | ||||
| CVE-2023-48114 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 5.4 Medium |
| SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name. | ||||
| CVE-2023-48094 | 1 Cesium | 1 Cesiumjs | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /container_files/public_html/doc/index.html. NOTE: the vendor’s position is that Apps/Sandcastle/standalone.html is part of the CesiumGS/cesium GitHub repository, but is demo code that is not part of the CesiumJS JavaScript library product. | ||||
| CVE-2023-48088 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | 5.4 Medium |
| xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage. | ||||
| CVE-2023-48068 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php. | ||||
| CVE-2023-48055 | 1 Superagi | 1 Superagi | 2024-11-21 | 7.5 High |
| SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications. | ||||
| CVE-2023-48053 | 1 Archerydms | 1 Archery | 2024-11-21 | 7.5 High |
| Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications. | ||||
| CVE-2023-48042 | 1 Communitydeveloper | 1 Amazzing Filter | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code. | ||||
| CVE-2023-47877 | 1 Perfmatters | 1 Perfmatters | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Stored XSS.This issue affects Perfmatters: from n/a before 2.2.0. | ||||
| CVE-2023-47876 | 1 Perfmatters | 1 Perfmatters | 2024-11-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Reflected XSS.This issue affects Perfmatters: from n/a through 2.1.6. | ||||
| CVE-2023-47872 | 1 Gvectors | 1 Wpforo Forum | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through 2.2.3. | ||||
| CVE-2023-47851 | 1 Addonmaster | 1 Bootstrap Shortcodes Ultimate | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akhtarujjaman Shuvo Bootstrap Shortcodes Ultimate allows Stored XSS.This issue affects Bootstrap Shortcodes Ultimate: from n/a through 4.3.1. | ||||
| CVE-2023-47850 | 1 Peepso | 1 Peepso | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Stored XSS.This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a through 6.2.2.0. | ||||
| CVE-2023-47848 | 1 Tainacan | 1 Tainacan | 2024-11-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Reflected XSS.This issue affects Tainacan: from n/a through 0.20.4. | ||||
| CVE-2023-47844 | 1 Neobie | 1 Grab \& Save | 2024-11-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lim Kai Yang Grab & Save allows Reflected XSS.This issue affects Grab & Save: from n/a through 1.0.4. | ||||
| CVE-2023-47839 | 1 Implecode | 1 Ecommerce Product Catalog | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.26 versions. | ||||
| CVE-2023-47835 | 1 Ari-soft | 1 Ari Stream Quiz | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder plugin <= 1.2.32 versions. | ||||
| CVE-2023-47834 | 1 Quizandsurveymaster | 1 Quiz And Survey Master | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master plugin <= 8.1.13 versions. | ||||