Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (45871 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2023-34637 1 Isarnet 1 Isarflow 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in IsarNet AG IsarFlow v5.23 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the dashboard title parameter in the IsarFlow Portal.
CVE-2023-34565 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Create Wireless LAN Groups" function.
CVE-2023-34447 1 Combodo 1 Itop 2024-11-21 8.8 High
iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on `pages/UI.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.
CVE-2023-34446 1 Combodo 1 Itop 2024-11-21 8.8 High
iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.
CVE-2023-34439 1 Pleasanter 1 Pleasanter 2024-11-21 5.4 Medium
Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.
CVE-2023-34412 2 Helmholz, Redlion 34 Rex 200, Rex 200 Firmware, Rex 250 and 31 more 2024-11-21 4.8 Medium
A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).
CVE-2023-34377 1 Joedolson 1 My Content Management 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joseph C Dolson My Content Management plugin <= 1.7.6 versions.
CVE-2023-34375 1 10web 1 Seo 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web SEO by 10Web plugin <= 1.2.9 versions.
CVE-2023-34374 1 Anspress 1 Anspress 2024-11-21 5.9 Medium
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Rahul Aryan AnsPress plugin <= 4.3.0 versions.
CVE-2023-34372 1 Didcode 1 Spamreferrerblock 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Didier Sampaolo SpamReferrerBlock plugin <= 2.22 versions.
CVE-2023-34369 1 Login Configurator Project 1 Login Configurator 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GrandSlambert Login Configurator plugin <= 2.1 versions.
CVE-2023-34368 1 Kanbanwp 1 Kanban Boards 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <= 2.5.20 versions.
CVE-2023-34360 1 Asus 2 Rt-ax88u, Rt-ax88u Firmware 2024-11-21 8.2 High
A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior.  After a remote attacker logging in device with regular user privilege, the remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading image which containing JavaScript code.
CVE-2023-34244 1 Glpi-project 1 Glpi 2024-11-21 6.5 Medium
GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link. Users should upgrade to version 10.0.8 to receive a patch.
CVE-2023-34187 1 Alantien 1 Call Now Icon Animate 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alan Tien Call Now Icon Animate plugin <= 0.1.0 versions.
CVE-2023-34184 1 Bhavikpatel 1 Woocommerce-order-address-print 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Bhavik Patel Woocommerce Order address Print plugin <= 3.2 versions.
CVE-2023-34183 1 Unitegallery 1 Unite Gallery Lite 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Valiano Unite Gallery Lite plugin <= 1.7.61 versions.
CVE-2023-34180 1 Kaplugins 1 Free-google-fonts 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in KAPlugins Google Fonts For WordPress plugin <= 3.0.0 versions.
CVE-2023-34176 1 Chilexpress 1 Chilexpress-oficial 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chilexpress Chilexpress woo oficial plugin <= 1.2.9 versions.
CVE-2023-34175 1 Login Configurator Project 1 Login Configurator 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GrandSlambert Login Configurator plugin <= 2.1 versions.