Export limit exceeded: 45894 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45894 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37124 | 1 Seacms | 1 Seacms | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2023-37122 | 1 Bagesoft | 1 Bagecms | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module. | ||||
| CVE-2023-37070 | 1 Code-projects | 1 Hospital Information System | 2024-11-21 | 4.8 Medium |
| Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS) | ||||
| CVE-2023-37067 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 4.8 Medium |
| Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section. | ||||
| CVE-2023-37066 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 4.8 Medium |
| Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel. | ||||
| CVE-2023-37065 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 4.8 Medium |
| Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section. | ||||
| CVE-2023-37064 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 4.8 Medium |
| Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section. | ||||
| CVE-2023-37063 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 4.8 Medium |
| Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section. | ||||
| CVE-2023-37062 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 4.8 Medium |
| Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories' definition. | ||||
| CVE-2023-37061 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 4.8 Medium |
| Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section. | ||||
| CVE-2023-36995 | 1 Travianz Project | 1 Travianz | 2024-11-21 | 6.1 Medium |
| TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie. | ||||
| CVE-2023-36970 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 5.4 Medium |
| A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function. | ||||
| CVE-2023-36942 | 1 Phpgurukul | 1 Online Fire Reporting System | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the website title field. | ||||
| CVE-2023-36941 | 1 Phpgurukul | 1 Online Fire Reporting System | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name, leader, and member fields. | ||||
| CVE-2023-36940 | 1 Phpgurukul | 1 Online Fire Reporting System | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL v.1.2 allows attackers to execute arbitrary code via a crafted payload injected into the search field. | ||||
| CVE-2023-36939 | 1 Phpgurukul | 1 Hostel Management System | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field. | ||||
| CVE-2023-36936 | 1 Phpgurukul | 1 Online Security Guards Hiring System | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security Guards Hiring System using PHP and MySQL 1.0 allows attackers to execute arbitrary code via a crafted payload to the search booking box. | ||||
| CVE-2023-36918 | 1 Sap | 1 Enable Now | 2024-11-21 | 6.1 Medium |
| In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-Content-Type-Options response header is not implemented, allowing an unauthenticated attacker to trigger MIME type sniffing, which leads to Cross-Site Scripting, which could result in disclosure or modification of information. | ||||
| CVE-2023-36828 | 1 Statamic | 2 Cms, Statamic | 2024-11-21 | 5.5 Medium |
| Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, even when using the `sanitize` function. Version 4.10.0 contains a patch for this issue. | ||||
| CVE-2023-36817 | 2 Kingstemple, Tktchurch | 2 The King\'s Temple Church Website, Website | 2024-11-21 | 7.5 High |
| `tktchurch/website` contains the codebase for The King's Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church's project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized party gains access to this key, they could potentially carry out transactions on behalf of the organization, leading to financial losses. Additionally, they could access sensitive customer information, leading to privacy violations and potential legal implications. The affected component is the codebase of our project, specifically the file(s) where the Stripe API key is embedded. The key should have been stored securely, and not committed to the codebase. The maintainers plan to revoke the leaked Stripe API key immediately, generate a new one, and not commit the key to the codebase. | ||||