Export limit exceeded: 45409 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45409 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36138 | 1 Phpjabbers | 1 Cleaning Business Software | 2024-11-21 | 6.1 Medium |
| PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php. | ||||
| CVE-2023-36137 | 1 Phpjabbers | 1 Class Scheduling System | 2024-11-21 | 6.1 Medium |
| There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0. | ||||
| CVE-2023-36126 | 1 Phpjabbers | 1 Appointment Scheduler | 2024-11-21 | 6.1 Medium |
| There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0 | ||||
| CVE-2023-36121 | 1 E107 | 1 E107 | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project. | ||||
| CVE-2023-36081 | 1 Gatesair | 2 Flexiva Fax 150w, Flexiva Fax 150w Firmware | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/Exciter v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard. | ||||
| CVE-2023-35987 | 1 Piigab | 2 M-bus 900s, M-bus 900s Firmware | 2024-11-21 | 9.8 Critical |
| PiiGAB M-Bus contains hard-coded credentials which it uses for authentication. | ||||
| CVE-2023-35978 | 1 Arubanetworks | 14 Arubaos, Mc-va-10, Mc-va-1k and 11 more | 2024-11-21 | 6.1 Medium |
| A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | ||||
| CVE-2023-35971 | 1 Arubanetworks | 14 Arubaos, Mc-va-10, Mc-va-1k and 11 more | 2024-11-21 | 8.8 High |
| A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | ||||
| CVE-2023-35929 | 1 Enalean | 1 Tuleap | 2024-11-21 | 5.4 Medium |
| Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. A malicious user with the capability to create an artifact or to edit a field used as a card field could force victim to execute uncontrolled code. Tuleap Community Edition 14.10.99.4, Tuleap Enterprise Edition 14.10-2, and Tuleap Enterprise Edition 14.9-5 contain a fix. | ||||
| CVE-2023-35918 | 1 Woocommerce | 1 Bulk Stock Management | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <= 2.2.33 versions. | ||||
| CVE-2023-35905 | 1 Ibm | 1 Filenet Content Manager | 2024-11-21 | 4.6 Medium |
| IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 259384. | ||||
| CVE-2023-35884 | 1 Metagauss | 1 Eventprime | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 3.0.5 versions. | ||||
| CVE-2023-35882 | 1 Heateor | 1 Super Socializer | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor Super Socializer plugin <= 7.13.52 versions. | ||||
| CVE-2023-35878 | 1 Extra User Details Project | 1 Extra User Details | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vadym K. Extra User Details plugin <= 0.5 versions. | ||||
| CVE-2023-35796 | 1 Siemens | 1 Sinema Server | 2024-11-21 | 8.3 High |
| A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with `SYSTEM` privileges on the application server. (ZDI-CAN-19823) | ||||
| CVE-2023-35779 | 1 Seedwebs | 1 Seed Fonts | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Seed Webs Seed Fonts plugin <= 2.3.1 versions. | ||||
| CVE-2023-35776 | 1 Bearsthemes | 1 Sermons Online | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Beplus Sermon'e – Sermons Online plugin <= 1.0.0 versions. | ||||
| CVE-2023-35772 | 1 Google Map Shortcode Project | 1 Google Map Shortcode | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alain Gonzalez Google Map Shortcode plugin <= 3.1.2 versions. | ||||
| CVE-2023-35763 | 1 Iagona | 1 Scrutisweb | 2024-11-21 | 5.5 Medium |
| Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext. | ||||
| CVE-2023-35759 | 1 Progress | 1 Whatsup Gold | 2024-11-21 | 6.1 Medium |
| In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. | ||||