Search Results (45440 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-42497 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 9.6 Critical |
| Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect` parameter. | ||||
| CVE-2023-42492 | 1 Busbaer | 1 Eisbaer Scada | 2024-11-21 | 7.1 High |
| EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key | ||||
| CVE-2023-42478 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2024-11-21 | 7.5 High |
| SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which, when opened by any other user, could lead to high impact on integrity of the application. | ||||
| CVE-2023-42476 | 1 Sap | 1 Businessobjects Web Intelligence | 2024-11-21 | 6.8 Medium |
| SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that the user has access to. In the worst case, an attacker could access data from reporting databases. | ||||
| CVE-2023-42474 | 1 Sap | 1 Businessobjects Web Intelligence | 2024-11-21 | 6.8 Medium |
| SAP BusinessObjects Web Intelligence - version 420, has a URL with a parameter that could be vulnerable to an XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information. | ||||
| CVE-2023-42452 | 1 Joinmastodon | 1 Mastodon | 2024-11-21 | 6.1 Medium |
| Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.x branch prior to versions 4.0.10, 4.2.8, and 4.2.0-rc2, under certain conditions, attackers can abuse the translation feature to bypass the server-side HTML sanitization, allowing unescaped HTML to execute in the browser. The impact is limited thanks to Mastodon's strict Content Security Policy, blocking inline scripts, etc. However, a CSP bypass or loophole could be exploited to execute malicious XSS. Furthermore, it requires user interaction, as this can only occur upon clicking the “Translate” button on a malicious post. Versions 4.0.10, 4.2.8, and 4.2.0-rc2 contain a patch for this issue. | ||||
| CVE-2023-42436 | 1 Weseek | 1 Growi | 2024-11-21 | 5.4 Medium |
| Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | ||||
| CVE-2023-42431 | 1 Hallowelt | 1 Bluespice | 2024-11-21 | 2.1 Low |
| Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows a logged-in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context. | ||||
| CVE-2023-42426 | 1 Froala | 1 Froala Editor | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component. | ||||
| CVE-2023-42399 | 1 Xdsoft | 1 Joditeditor | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component. | ||||
| CVE-2023-42371 | 1 Summernote | 1 Rich Text Editor | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in Summernote Rich Text Editor v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted script to the insert link function in the editor component. | ||||
| CVE-2023-42362 | 1 Teller | 1 Teller | 2024-11-21 | 5.4 Medium |
| An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file. | ||||
| CVE-2023-42336 | 1 Netis-systems | 2 Wf2409e, Wf2409e Firmware | 2024-11-21 | 9.8 Critical |
| An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component. | ||||
| CVE-2023-42328 | 1 Peppermint | 1 Peppermint | 2024-11-21 | 8.8 High |
| An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie. | ||||
| CVE-2023-42327 | 1 Netgate | 1 Pfsense | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page. | ||||
| CVE-2023-42253 | 1 Vehicle Management Project | 1 Vehicle Management | 2024-11-21 | 6.1 Medium |
| Code-Projects Vehicle Management 1.0 is vulnerable to Cross Site Scripting (XSS) in Add Accounts via Invoice No, To, and Mammul. | ||||
| CVE-2023-42029 | 4 Hp, Ibm, Linux and 1 more | 6 Hp-ux, Aix, Cics Tx and 3 more | 2024-11-21 | 4.8 Medium |
| IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059. | ||||
| CVE-2023-42022 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 5.4 Medium |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265938. | ||||
| CVE-2023-42014 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 5.4 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265511. | ||||
| CVE-2023-42009 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 5.4 Medium |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504. | ||||