Export limit exceeded: 46938 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46938 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1756 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-02-10 | 4.7 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2023-1757 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-02-10 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2023-1878 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-02-10 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2023-1879 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-02-10 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2023-1880 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-02-10 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2023-1881 | 1 Microweber | 1 Microweber | 2025-02-10 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. | ||||
| CVE-2023-1882 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-02-10 | 5.4 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2023-1884 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-02-10 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2023-1885 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-02-10 | 6.3 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2023-1892 | 1 Contribsys | 1 Sidekiq | 2025-02-10 | 9.6 Critical |
| Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8. | ||||
| CVE-2024-21990 | 1 Netapp | 1 Ontap Select Deploy Administration Utility | 2025-02-10 | 5.4 Medium |
| ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials. | ||||
| CVE-2024-3616 | 1 Oretnom23 | 1 Warehouse Management System | 2025-02-10 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Warehouse Management System 1.0. This vulnerability affects unknown code of the file pengguna.php. The manipulation of the argument admin_user/admin_nama/admin_alamat/admin_telepon leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260272. | ||||
| CVE-2023-1851 | 1 Online Payroll System Project | 1 Online Payroll System | 2025-02-10 | 3.5 Low |
| A vulnerability classified as problematic has been found in SourceCodester Online Payroll System 1.0. This affects an unknown part of the file /admin/employee_add.php. The manipulation of the argument of leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224991. | ||||
| CVE-2023-1853 | 1 Online Payroll System Project | 1 Online Payroll System | 2025-02-10 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Online Payroll System 1.0. This issue affects some unknown processing of the file /admin/employee_edit.php. The manipulation of the argument of leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224993 was assigned to this vulnerability. | ||||
| CVE-2022-47053 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-02-10 | 5.4 Medium |
| An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file. | ||||
| CVE-2023-28636 | 1 Glpi-project | 1 Glpi | 2025-02-10 | 4.5 Medium |
| GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7. | ||||
| CVE-2023-28849 | 1 Glpi-project | 1 Glpi | 2025-02-10 | 10 Critical |
| GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to perform XSS attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.7 contains a patch for this issue. As a workaround, disable native inventory. | ||||
| CVE-2023-28852 | 1 Glpi-project | 1 Glpi | 2025-02-10 | 4.8 Medium |
| GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versions 9.5.13 and 10.0.7 contain a patch for this issue. | ||||
| CVE-2023-27666 | 1 Auto Dealer Management System Project | 1 Auto Dealer Management System | 2025-02-10 | 6.1 Medium |
| Auto Dealer Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the name parameter at /classes/SystemSettings.php?f=update_settings. | ||||
| CVE-2023-27572 | 1 Commscope | 2 Dg3450, Dg3450 Firmware | 2025-02-10 | 6.1 Medium |
| An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. A reflected XSS vulnerability was discovered in the https_redirect.php web page via the page parameter. | ||||