Export limit exceeded: 45409 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45409 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36474 | 1 Projectdiscovery | 1 Interactsh | 2024-11-21 | 8.2 High |
| Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e `app.` Interactsh server used to create cname entries for `app` pointing to `projectdiscovery.github.io` as default, which intended to used for hosting interactsh web client using GitHub pages. This is a security issue with a self-hosted interactsh server in which the user may not have configured a web client but still have a CNAME entry pointing to GitHub pages, making them vulnerable to subdomain takeover. This allows a threat actor to host / run arbitrary client side code (cross-site scripting) in a user's browser when browsing the vulnerable subdomain. Version 1.0.0 fixes this issue by making CNAME optional, rather than default. | ||||
| CVE-2023-36473 | 1 Discourse | 1 Discourse | 2024-11-21 | 6.8 Medium |
| Discourse is an open source discussion platform. A CSP (Content Security Policy) nonce reuse vulnerability could allow XSS attacks to bypass CSP protection. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to completely bypass CSP. The vulnerability is patched in the latest tests-passed, beta and stable branches. | ||||
| CVE-2023-36389 | 1 Siemens | 22 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Mx5000re and 19 more | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The malformed value is reflected directly in the response without sanitization while throwing an “invalid path” error. | ||||
| CVE-2023-36386 | 1 Siemens | 22 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Mx5000re and 19 more | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an “invalid params element name” error on the get_elements parameters. | ||||
| CVE-2023-36385 | 1 Wpxpo | 1 Postx | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpxpo PostX – Gutenberg Post Grid Blocks plugin <= 2.9.9 versions. | ||||
| CVE-2023-36384 | 1 Booking Calendar Project | 1 Booking Calendar | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <= 1.2.40 versions. | ||||
| CVE-2023-36383 | 1 Mage-people | 1 Event Manager And Tickets Selling For Woocommerce | 2024-11-21 | 5.9 Medium |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.9.5 versions. | ||||
| CVE-2023-36376 | 1 Phpgurukul | 1 Hostel Management System | 2024-11-21 | 4.8 Medium |
| Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the add course section. | ||||
| CVE-2023-36317 | 1 Oretnom23 | 1 Student Study Center Desk Management System | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL. | ||||
| CVE-2023-36315 | 1 Phpjabbers | 1 Callback Widget | 2024-11-21 | 6.1 Medium |
| There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Callback Widget v1.0. | ||||
| CVE-2023-36314 | 1 Phpjabbers | 1 Callback Widget | 2024-11-21 | 6.1 Medium |
| There is a Cross Site Scripting (XSS) vulnerability in the value-text-o_sms_email_request_message parameters of index.php in PHPJabbers Callback Widget v1.0. | ||||
| CVE-2023-36313 | 1 Phpjabbers | 1 Document Creator | 2024-11-21 | 6.1 Medium |
| PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters of "Export Requests" aside from "request_feed". | ||||
| CVE-2023-36312 | 1 Phpjabbers | 1 Callback Widget | 2024-11-21 | 5.4 Medium |
| There is a Cross Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone parameter of index.php in PHPJabbers Callback Widget v1.0. | ||||
| CVE-2023-36310 | 1 Phpjabbers | 1 Document Creator | 2024-11-21 | 6.1 Medium |
| There is a Cross Site Scripting (XSS) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. | ||||
| CVE-2023-36309 | 1 Phpjabbers | 1 Document Creator | 2024-11-21 | 6.1 Medium |
| There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Document Creator v1.0. | ||||
| CVE-2023-36306 | 1 Adiscon | 1 Loganalyzer | 2024-11-21 | 6.1 Medium |
| A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components. | ||||
| CVE-2023-36234 | 1 Netbox | 1 Netbox | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function. | ||||
| CVE-2023-36217 | 1 Xoops | 1 Xoops | 2024-11-21 | 9.0 Critical |
| Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function. | ||||
| CVE-2023-36211 | 1 Cubiclesoft | 1 Barebones Cms | 2024-11-21 | 5.4 Medium |
| The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting (XSS) when an authenticated user interacts with certain features on the admin panel. | ||||
| CVE-2023-36159 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page. | ||||