Export limit exceeded: 45409 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45409 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35139 | 1 Zyxel | 20 Atp100, Atp100w, Atp200 and 17 more | 2024-11-21 | 5.2 Medium |
| A cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50(W) series firmware versions 5.10 through 5.37, USG20(W)-VPN series firmware versions 5.10 through 5.37, and VPN series firmware versions 5.00 through 5.37, could allow an unauthenticated LAN-based attacker to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed to steal cookies when the user visits the specific CGI used for dumping ZTP logs. | ||||
| CVE-2023-35131 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.1 Medium |
| Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14. | ||||
| CVE-2023-35098 | 1 Wordpress Nextgen Galleryview Project | 1 Wordpress Nextgen Galleryview | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in John Brien WordPress NextGen GalleryView plugin <= 0.5.5 versions. | ||||
| CVE-2023-35095 | 1 Flothemes | 1 Flo Forms | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin <= 1.0.40 versions. | ||||
| CVE-2023-35092 | 1 Abhayrajmca | 1 Breadcrumb Simple | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abhay Yadav Breadcrumb simple plugin <= 1.3 versions. | ||||
| CVE-2023-35090 | 1 Stylemixthemes | 1 Masterstudy Lms | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.7 versions. | ||||
| CVE-2023-35048 | 1 Magepeople | 1 Booking \& Rental Manager | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Booking and Rental Manager for Bike plugin <= 1.2.1 versions. | ||||
| CVE-2023-35043 | 1 Recent Posts Slider Project | 1 Recent Posts Slider | 2024-11-21 | 7.1 High |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Neha Goel Recent Posts Slider plugin <= 1.1 versions. | ||||
| CVE-2023-35024 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-11-21 | 4.6 Medium |
| IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 258349. | ||||
| CVE-2023-34977 | 1 Qnap | 1 Video Station | 2024-11-21 | 4.6 Medium |
| A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later | ||||
| CVE-2023-34941 | 1 Asus | 2 Rt-n10lx, Rt-n10lx Firmware | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-34869 | 1 Phpjabbers | 1 Catering System | 2024-11-21 | 6.1 Medium |
| PHPJabbers Catering System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php?controller=pjAdmin&action=pjActionForgot. | ||||
| CVE-2023-34637 | 1 Isarnet | 1 Isarflow | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in IsarNet AG IsarFlow v5.23 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the dashboard title parameter in the IsarFlow Portal. | ||||
| CVE-2023-34565 | 1 Netbox | 1 Netbox | 2024-11-21 | 5.4 Medium |
| Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Create Wireless LAN Groups" function. | ||||
| CVE-2023-34447 | 1 Combodo | 1 Itop | 2024-11-21 | 8.8 High |
| iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on `pages/UI.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0. | ||||
| CVE-2023-34446 | 1 Combodo | 1 Itop | 2024-11-21 | 8.8 High |
| iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0. | ||||
| CVE-2023-34439 | 1 Pleasanter | 1 Pleasanter | 2024-11-21 | 5.4 Medium |
| Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser. | ||||
| CVE-2023-34412 | 2 Helmholz, Redlion | 34 Rex 200, Rex 200 Firmware, Rex 250 and 31 more | 2024-11-21 | 4.8 Medium |
| A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS). | ||||
| CVE-2023-34377 | 1 Joedolson | 1 My Content Management | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joseph C Dolson My Content Management plugin <= 1.7.6 versions. | ||||
| CVE-2023-34375 | 1 10web | 1 Seo | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web SEO by 10Web plugin <= 1.2.9 versions. | ||||