Search Results (45340 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27225 | 1 User Registration & Login And User Management System With Admin Panel Project | 1 User Registration & Login And User Management System With Admin Panel | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the first and last name field. | ||||
| CVE-2023-27169 | 1 Xpand-it | 1 Write-back Manager | 2024-11-21 | 6.5 Medium |
| Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation. | ||||
| CVE-2023-27150 | 1 Opencrx | 1 Opencrx | 2024-11-21 | 5.4 Medium |
| openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity. | ||||
| CVE-2023-27149 | 1 Enhancesoft | 1 Osticket | 2024-11-21 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list. | ||||
| CVE-2023-27148 | 1 Enhancesoft | 1 Osticket | 2024-11-21 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter. | ||||
| CVE-2023-27121 | 1 Pleasantsolutions | 1 Pleasant Password Server | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the component /framework/cron/action/humanize of Pleasant Solutions Pleasant Password Server v7.11.41.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cronString parameter. | ||||
| CVE-2023-26961 | 1 Alteryx | 1 Alteryx Server | 2024-11-21 | 4.8 Medium |
| Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files (e.g., JavaScript content for stored XSS) via the type field in a JSON document within a PUT /gallery/api/media request. | ||||
| CVE-2023-26958 | 1 Phpgurukul | 1 Park Ticketing Management System | 2024-11-21 | 4.8 Medium |
| Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Admin Name parameter. | ||||
| CVE-2023-26913 | 1 Evolucare | 1 Ecs Imaging | 2024-11-21 | 6.1 Medium |
| EVOLUCARE ECSIMAGING (aka ECS Imaging) < 6.21.5 is vulnerable to Cross Site Scripting (XSS) via new_movie.php. | ||||
| CVE-2023-26577 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user. | ||||
| CVE-2023-26541 | 1 Asmember Project | 1 Asmember | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Suess asMember plugin <= 1.5.4 versions. | ||||
| CVE-2023-26539 | 1 Advanced Text Widget Project | 1 Advanced Text Widget | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Chirkov Advanced Text Widget plugin <= 2.1.2 versions. | ||||
| CVE-2023-26538 | 1 Chat Bee Project | 1 Chat Bee | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kamyabsoft Chat Bee plugin <= 1.1.0 versions. | ||||
| CVE-2023-26530 | 1 Updraftplus | 1 Updraft | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paul Kehrer Updraft plugin <= 0.6.1 versions. | ||||
| CVE-2023-26528 | 1 Shipyaari | 1 Shipping Management | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jinit9906 Shipyaari Shipping Management plugin <= 1.0 versions. | ||||
| CVE-2023-26527 | 1 Wpindeed | 1 Debug Assistant | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPIndeed Debug Assistant plugin <= 1.4 versions. | ||||
| CVE-2023-26515 | 1 Simple Slug Translate Project | 1 Simple Slug Translate | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ko Takagi Simple Slug Translate plugin <= 2.7.2 versions. | ||||
| CVE-2023-26450 | 1 Open-xchange | 1 Open-xchange Appsuite Frontend | 2024-11-21 | 5.4 Medium |
| The "OX Count" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user's account or lure a user to a compromised account. We are now defining the accepted media-type to avoid code execution. No publicly available exploits are known. | ||||
| CVE-2023-26449 | 1 Open-xchange | 1 Open-xchange Appsuite Frontend | 2024-11-21 | 5.4 Medium |
| The "OX Chat" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user's account or lure a user to a compromised account. We are now defining the accepted media-type to avoid code execution. No publicly available exploits are known. | ||||
| CVE-2023-26448 | 1 Open-xchange | 1 Open-xchange Appsuite Frontend | 2024-11-21 | 5.4 Medium |
| Custom log-in and log-out locations are user-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user's account or lure a user to a compromised account. We now sanitize jslob content for those locations to avoid redirects to malicious content. No publicly available exploits are known. | ||||