Search Results (45894 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37272 | 1 Sos-berlin | 1 Jobscheduler | 2024-11-21 | 6.3 Medium |
| JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-generated documentation for JOC Cockpit. Specifically crafted file names allow an XSS attack to inject code that is executed with the browser. Risk of the vulnerability is considered high for branch 1.13 of JobScheduler (JS1). The vulnerability does not affect branch 2.x of JobScheduler (JS7) for releases after 2.1.0. The vulnerability is resolved with release 1.13.19. | ||||
| CVE-2023-37259 | 1 Matrix-react-sdk Project | 1 Matrix-react-sdk | 2024-11-21 | 6.1 Medium |
| matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting (XSS). Since the Export Chat feature generates a separate document, an attacker can only inject code run from the `null` origin, restricting the impact. However, the attacker can still potentially use the XSS to leak message contents. A malicious homeserver is a potential attacker since the affected inputs are controllable server-side. This issue has been addressed in commit `22fcd34c60` which is included in release version 3.76.0. Users are advised to upgrade. The only known workaround for this issue is to disable or to not use the Export Chat feature. | ||||
| CVE-2023-37257 | 1 Dataease | 1 Dataease | 2024-11-21 | 5.4 Medium |
| DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, the DataEase panel and dataset have a stored cross-site scripting vulnerability. The vulnerability has been fixed in v1.18.9. There are no known workarounds. | ||||
| CVE-2023-37225 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 6.1 Medium |
| Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links. | ||||
| CVE-2023-37223 | 1 Archerirm | 1 Archer | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows a remote authenticated attacker to execute arbitrary code via a crafted malicious script. | ||||
| CVE-2023-37222 | 1 Farsight | 1 Provide Server | 2024-11-21 | 4.8 Medium |
| Farsight Tech Nordic AB ProVide version 14.5 - Multiple XSS vulnerabilities (CWE-79) can be exploited by a user with administrator privilege. | ||||
| CVE-2023-37221 | 1 7-twenty | 1 Bot | 2024-11-21 | 8.8 High |
| 7Twenty BOT - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). | ||||
| CVE-2023-37215 | 1 Jbl | 2 Jbl Bar 5.1 Surround, Jbl Bar 5.1 Surround Firmware | 2024-11-21 | 6.2 Medium |
| JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials | ||||
| CVE-2023-37191 | 1 Issabel | 1 Pbx | 2024-11-21 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters. | ||||
| CVE-2023-37190 | 1 Issabel | 1 Pbx | 2024-11-21 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature. | ||||
| CVE-2023-37189 | 1 Issabel | 1 Pbx | 2024-11-21 | 4.8 Medium |
| A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module. | ||||
| CVE-2023-37164 | 1 Diafan | 1 Diafan.cms | 2024-11-21 | 6.1 Medium |
| Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting vulnerability via the cat_id parameter at /shop/?module=shop&action=search. | ||||
| CVE-2023-37153 | 1 Kodcloud | 1 Kodexplorer | 2024-11-21 | 6.1 Medium |
| KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability in the Description box of the Light App creation feature. An attacker can exploit this vulnerability by injecting XSS syntax into the Description field. | ||||
| CVE-2023-37150 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2024-11-21 | 6.1 Medium |
| Sourcecodester Online Pizza Ordering System v1.0 has a Cross-site scripting (XSS) vulnerability in "/admin/index.php?page=categories" Category item. | ||||
| CVE-2023-37136 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2023-37135 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2023-37134 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2023-37133 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2023-37132 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2023-37125 | 1 Seacms | 1 Seacms | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||