Search Results (45442 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43331 | 1 Small Crm Project | 1 Small Crm | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | ||||
| CVE-2023-43326 | 1 Moosocial | 1 Moosocial | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in multiple URLs of mooSocial v3.1.8 and allows attackers to steal user's session cookies and impersonate their account via a crafted URL. | ||||
| CVE-2023-43325 | 1 Moosocial | 1 Moosocial | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the data[redirect_url] parameter of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL. | ||||
| CVE-2023-43319 | 1 Icewarp | 1 Webclient | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter. | ||||
| CVE-2023-43309 | 1 Webmin | 1 Webmin | 2024-11-21 | 4.8 Medium |
| There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload. | ||||
| CVE-2023-43267 | 1 Emlog | 1 Emlog | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field. | ||||
| CVE-2023-43263 | 1 Froala | 1 Froala Editor | 2024-11-21 | 6.1 Medium |
| A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component. | ||||
| CVE-2023-43260 | 1 Milesight | 15 Ur32, Ur32 Firmware, Ur32l and 12 more | 2024-11-21 | 6.1 Medium |
| Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 were discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel. | ||||
| CVE-2023-43233 | 1 Yzncms | 1 Yzncms | 2024-11-21 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter. | ||||
| CVE-2023-43232 | 1 Dedebiz | 1 Dedebiz | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter. | ||||
| CVE-2023-43193 | 1 Rcos | 1 Submitty | 2024-11-21 | 6.1 Medium |
| Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS). An attacker can create a malicious link in the forum that leads to XSS. | ||||
| CVE-2023-43191 | 1 Jrecms | 1 Springbootcms | 2024-11-21 | 5.4 Medium |
| In SpringbootCMS 1.0, malicious code can be embedded in a foreground message and saved in the database. When users browse the comments, the malicious code embedded in the HTML is executed and the user's browser is controlled by the attacker, serving the attacker's purpose, such as cookie theft. | ||||
| CVE-2023-43103 | 1 Zimbra | 1 Collaboration | 2024-11-21 | 6.1 Medium |
| An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36. | ||||
| CVE-2023-43102 | 1 Zimbra | 1 Collaboration | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. An XSS issue can be exploited to access the mailbox of an authenticated user. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36. | ||||
| CVE-2023-43065 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-11-21 | 5.5 Medium |
| Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges. | ||||
| CVE-2023-43057 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.6 Medium |
| IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267484. | ||||
| CVE-2023-42817 | 1 Pimcore | 1 Admin Classic Bundle | 2024-11-21 | 5.4 Medium |
| Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” (from “%suggest%”) is parsed by sprintf() even though it’s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access (as the translation permission cannot be scoped to certain “modules”) and a skilled attacker might be able to exploit the parsing of the translation string in the dialog box. This issue has been patched in commit `abd77392` which is included in release 1.1.2. Users are advised to update to version 1.1.2 or apply the patch manually. | ||||
| CVE-2023-42808 | 1 Mozilla | 1 Common Voice | 2024-11-21 | 6.1 Medium |
| Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Version 1.88.2 is vulnerable to reflected Cross-Site Scripting given that user-controlled data flows to a path expression (path of a network request). This issue may lead to reflected Cross-Site Scripting (XSS) in the context of Common Voice’s server origin. As of time of publication, it is unknown whether any patches or workarounds exist. | ||||
| CVE-2023-42765 | 1 Westermo | 2 L206-f2g, L206-f2g Firmware | 2024-11-21 | 5.4 Medium |
| An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration. | ||||
| CVE-2023-42656 | 1 Progress | 1 Moveit Transfer | 2024-11-21 | 6.1 Medium |
| In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer users during the package composition procedure. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim's browser. | ||||