Export limit exceeded: 45871 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45871 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36312 | 1 Phpjabbers | 1 Callback Widget | 2024-11-21 | 5.4 Medium |
| There is a Cross Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone parameter of index.php in PHPJabbers Callback Widget v1.0. | ||||
| CVE-2023-36310 | 1 Phpjabbers | 1 Document Creator | 2024-11-21 | 6.1 Medium |
| There is a Cross Site Scripting (XSS) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. | ||||
| CVE-2023-36309 | 1 Phpjabbers | 1 Document Creator | 2024-11-21 | 6.1 Medium |
| There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Document Creator v1.0. | ||||
| CVE-2023-36306 | 1 Adiscon | 1 Loganalyzer | 2024-11-21 | 6.1 Medium |
| A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components. | ||||
| CVE-2023-36234 | 1 Netbox | 1 Netbox | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function. | ||||
| CVE-2023-36217 | 1 Xoops | 1 Xoops | 2024-11-21 | 9.0 Critical |
| Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function. | ||||
| CVE-2023-36211 | 1 Cubiclesoft | 1 Barebones Cms | 2024-11-21 | 5.4 Medium |
| The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting (XSS) when an authenticated user interacts with certain features on the admin panel. | ||||
| CVE-2023-36159 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page. | ||||
| CVE-2023-36138 | 1 Phpjabbers | 1 Cleaning Business Software | 2024-11-21 | 6.1 Medium |
| PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php. | ||||
| CVE-2023-36137 | 1 Phpjabbers | 1 Class Scheduling System | 2024-11-21 | 6.1 Medium |
| There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0. | ||||
| CVE-2023-36126 | 1 Phpjabbers | 1 Appointment Scheduler | 2024-11-21 | 6.1 Medium |
| There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0 | ||||
| CVE-2023-36121 | 1 E107 | 1 E107 | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project. | ||||
| CVE-2023-36081 | 1 Gatesair | 2 Flexiva Fax 150w, Flexiva Fax 150w Firmware | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/Exciter v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard. | ||||
| CVE-2023-35987 | 1 Piigab | 2 M-bus 900s, M-bus 900s Firmware | 2024-11-21 | 9.8 Critical |
| PiiGAB M-Bus contains hard-coded credentials which it uses for authentication. | ||||
| CVE-2023-35978 | 1 Arubanetworks | 14 Arubaos, Mc-va-10, Mc-va-1k and 11 more | 2024-11-21 | 6.1 Medium |
| A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | ||||
| CVE-2023-35971 | 1 Arubanetworks | 14 Arubaos, Mc-va-10, Mc-va-1k and 11 more | 2024-11-21 | 8.8 High |
| A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | ||||
| CVE-2023-35929 | 1 Enalean | 1 Tuleap | 2024-11-21 | 5.4 Medium |
| Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. A malicious user with the capability to create an artifact or to edit a field used as a card field could force victim to execute uncontrolled code. Tuleap Community Edition 14.10.99.4, Tuleap Enterprise Edition 14.10-2, and Tuleap Enterprise Edition 14.9-5 contain a fix. | ||||
| CVE-2023-35918 | 1 Woocommerce | 1 Bulk Stock Management | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <= 2.2.33 versions. | ||||
| CVE-2023-35905 | 1 Ibm | 1 Filenet Content Manager | 2024-11-21 | 4.6 Medium |
| IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 259384. | ||||
| CVE-2023-35884 | 1 Metagauss | 1 Eventprime | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 3.0.5 versions. | ||||