Search Results (45865 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33794 | 1 Netbox | 1 Netbox | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Create Tenants (/tenancy/tenants/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | ||||
| CVE-2023-33793 | 1 Netbox | 1 Netbox | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | ||||
| CVE-2023-33792 | 1 Netbox | 1 Netbox | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Create Site Groups (/dcim/site-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | ||||
| CVE-2023-33791 | 1 Netbox | 1 Netbox | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Create Provider Accounts (/circuits/provider-accounts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | ||||
| CVE-2023-33790 | 1 Netbox | 1 Netbox | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Create Locations (/dcim/locations/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | ||||
| CVE-2023-33789 | 1 Netbox | 1 Netbox | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | ||||
| CVE-2023-33788 | 1 Netbox | 1 Netbox | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Create Providers (/circuits/providers/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | ||||
| CVE-2023-33787 | 1 Netbox | 1 Netbox | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Create Tenant Groups (/tenancy/tenant-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | ||||
| CVE-2023-33786 | 1 Netbox | 1 Netbox | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Create Circuit Types (/circuits/circuit-types/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | ||||
| CVE-2023-33744 | 1 Teleadapt | 2 Roomcast Ta-2400, Roomcast Ta-2400 Firmware | 2024-11-21 | 9.8 Critical |
| TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN): 385521, 843646, and 592671. | ||||
| CVE-2023-33580 | 1 Phpgurukul | 1 Student Study Center Management System | 2024-11-21 | 4.8 Medium |
| Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page. | ||||
| CVE-2023-33564 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2024-11-21 | 6.1 Medium |
| There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. | ||||
| CVE-2023-33560 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2024-11-21 | 6.1 Medium |
| There is a Cross Site Scripting (XSS) vulnerability in the "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. | ||||
| CVE-2023-33413 | 1 Supermicro | 724 B12dpe-6, B12dpe-6 Firmware, B12dpt-6 and 721 more | 2024-11-21 | 8.8 High |
| The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands. | ||||
| CVE-2023-33372 | 1 Connectedio | 1 Connected Io | 2024-11-21 | 9.8 Critical |
| Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. | ||||
| CVE-2023-33371 | 1 Assaabloy | 1 Control Id Idsecure | 2024-11-21 | 9.8 Critical |
| Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. | ||||
| CVE-2023-33356 | 1 Thecosy | 1 Icecms | 2024-11-21 | 5.4 Medium |
| IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2023-33332 | 1 Woocommerce Product Vendors Project | 1 Woocommerce Product Vendors | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Product Vendors plugin <= 2.1.76 versions. | ||||
| CVE-2023-33329 | 1 Custom Post Type Generator Project | 1 Custom Post Type Generator | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Hijiri Custom Post Type Generator plugin <= 2.4.2 versions. | ||||
| CVE-2023-33328 | 1 Pluginops | 1 Mailchimp Subscribe Form | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PluginOps MailChimp Subscribe Form plugin <= 4.0.9.1 versions. | ||||