Export limit exceeded: 45894 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45894 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37830 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | ||||
| CVE-2023-37829 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notification.message parameter. | ||||
| CVE-2023-37828 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tasktyp parameter. | ||||
| CVE-2023-37827 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the executionBlockName parameter. | ||||
| CVE-2023-37826 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fieldname parameter. | ||||
| CVE-2023-37798 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter. | ||||
| CVE-2023-37790 | 1 Broadcom | 1 Clarity | 2024-11-21 | 5.4 Medium |
| Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function. | ||||
| CVE-2023-37787 | 1 Geeklog | 1 Geeklog | 2024-11-21 | 4.8 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php. | ||||
| CVE-2023-37786 | 1 Geeklog | 1 Geeklog | 2024-11-21 | 4.8 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settings[backend], Mail Settings[host], Mail Settings[port] and Mail Settings[auth] parameters of the /admin/configuration.php. | ||||
| CVE-2023-37785 | 1 Impresscms | 1 Impresscms | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php. | ||||
| CVE-2023-37755 | 1 I-doit | 1 I-doit | 2024-11-21 | 9.8 Critical |
| i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator privileges, resulting in them being able to perform arbitrary system operations or cause a Denial of Service (DoS). | ||||
| CVE-2023-37746 | 1 Phpgurukul | 1 Maid Hiring Management System | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component. | ||||
| CVE-2023-37745 | 1 Phpgurukul | 1 Maid Hiring Management System | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component. | ||||
| CVE-2023-37744 | 1 Phpgurukul | 1 Maid Hiring Management System | 2024-11-21 | 6.1 Medium |
| Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-booking-request.php. | ||||
| CVE-2023-37743 | 1 Phpgurukul | 1 Teacher Subject Allocation System | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box. | ||||
| CVE-2023-37742 | 1 Webboss | 1 Webboss.io Cms | 2024-11-21 | 6.1 Medium |
| WebBoss.io CMS before v3.7.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability. | ||||
| CVE-2023-37733 | 1 Tduckcloud | 1 Tduck-platform | 2024-11-21 | 6.1 Medium |
| An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file. | ||||
| CVE-2023-37728 | 1 Icewarp | 1 Icewarp | 2024-11-21 | 6.1 Medium |
| IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) vulnerability via the color parameter. | ||||
| CVE-2023-37692 | 1 Octobercms | 1 October | 2024-11-21 | 5.4 Medium |
| An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2023-37690 | 1 Phpgurukul | 1 Maid Hiring Management System | 2024-11-21 | 4.8 Medium |
| Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page. | ||||