Export limit exceeded: 45414 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45414 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39006 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 5.4 Medium |
| The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization. | ||||
| CVE-2023-39002 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2023-39000 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL path. | ||||
| CVE-2023-38974 | 1 Uatech | 1 Badaso | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. | ||||
| CVE-2023-38973 | 1 Uatech | 1 Badaso | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. | ||||
| CVE-2023-38971 | 1 Uatech | 1 Badaso | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function. | ||||
| CVE-2023-38970 | 1 Uatech | 1 Badaso | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the Name of member parameter in the add new member function. | ||||
| CVE-2023-38969 | 1 Uatech | 1 Badaso | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book function. | ||||
| CVE-2023-38964 | 1 Creativeitem | 1 Academy Lms | 2024-11-21 | 6.1 Medium |
| Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2023-38911 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 5.4 Medium |
| A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields. | ||||
| CVE-2023-38910 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 6.1 Medium |
| CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin. | ||||
| CVE-2023-38904 | 1 Decapcms | 1 Netlify Cms | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 allows a remote attacker to execute arbitrary code via a crafted payload to the body parameter of the new post function. | ||||
| CVE-2023-38888 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 9.6 Critical |
| Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject. | ||||
| CVE-2023-38883 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'. | ||||
| CVE-2023-38882 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' parameter in 'ForExport.php' | ||||
| CVE-2023-38881 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendar_id', 'school_date', 'month' or 'year' parameters in 'CalendarModal.php'. | ||||
| CVE-2023-38878 | 1 Devcode | 1 Openstamanager | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'error_description' parameters of 'oauth2.php'. | ||||
| CVE-2023-38876 | 1 Msaad1999 | 1 Php-login-system | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' parameter in '/reset-password'. | ||||
| CVE-2023-38875 | 1 Msaad1999 | 1 Php-login-system | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'validator' parameter in '/reset-password'. | ||||
| CVE-2023-38826 | 1 Follettlearning | 1 Solutions Destiny | 2024-11-21 | 6.1 Medium |
| A Cross Site Scripting (XSS) vulnerability exists in Follet Learning Solutions Destiny through 20.0_1U. via the handlewpesearchform.do. searchString. | ||||