Export limit exceeded: 45824 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45824 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-23372 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 6.5 Medium |
| A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h4.5.4.2476 build 20230728 and later | ||||
| CVE-2023-23324 | 1 Zumtobel | 2 Netlink Ccd, Netlink Ccd Firmware | 2024-11-21 | 9.8 Critical |
| Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account. | ||||
| CVE-2023-23208 | 3 Genesys, Linux, Microsoft | 3 Administrator Extension, Linux Kernel, Windows | 2024-11-21 | 6.1 Medium |
| Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261. | ||||
| CVE-2023-23161 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar. | ||||
| CVE-2023-23158 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter on the enquiry page. | ||||
| CVE-2023-23157 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullname parameter on the enquiry page. | ||||
| CVE-2023-22984 | 1 Axis | 2 207w, 207w Firmware | 2024-11-21 | 6.1 Medium |
| A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL. | ||||
| CVE-2023-22975 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html. | ||||
| CVE-2023-22957 | 2 Audiocodes, Audiocodes Ltd | 13 405hd, 405hd Firmware, 445hd and 10 more | 2024-11-21 | 7.5 High |
| An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password. | ||||
| CVE-2023-22956 | 2 Audiocodes, Audiocodes Ltd | 13 405hd, 405hd Firmware, 445hd and 10 more | 2024-11-21 | 7.5 High |
| An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information. | ||||
| CVE-2023-22843 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-11-21 | 6.4 Medium |
| An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will be stored and can later be executed by another legitimate user viewing the details of such a rule. Via stored Cross-Site Scripting (XSS), an attacker may be able to perform unauthorized actions on behalf of legitimate users and/or gather sensitive information. JavaScript injection was possible in the contents for Yara rules, while limited HTML injection has been proven for packet and STYX rules. | ||||
| CVE-2023-22718 | 1 User Meta Manager Project | 1 User Meta Manager | 2024-11-21 | 7.1 High |
| Reflected Cross-Site Scripting (XSS) vulnerability in Jason Lau User Meta Manager plugin <= 3.4.9 versions. | ||||
| CVE-2023-22704 | 1 Mtrv | 1 Teachpress | 2024-11-21 | 7.1 High |
| Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 8.1.8 versions. | ||||
| CVE-2023-22698 | 1 Theme Blvd Responsive Google Maps Project | 1 Theme Blvd Responsive Google Maps | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jason Bobich Theme Blvd Responsive Google Maps plugin <= 1.0.2 versions. | ||||
| CVE-2023-22690 | 1 Shopfiles | 1 Ebook Store | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <= 5.775 versions. | ||||
| CVE-2023-22682 | 1 Pixedelic | 1 Camera Slideshow | 2024-11-21 | 7.1 High |
| Reflected Cross-Site Scripting (XSS) vulnerability in Manuel Masia | Pixedelic.Com Camera slideshow plugin <= 1.4.0.1 versions. | ||||
| CVE-2023-22638 | 1 Fortinet | 1 Fortinac | 2024-11-21 | 6.7 Medium |
| Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests. | ||||
| CVE-2023-22637 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-11-21 | 5.9 Medium |
| An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses. | ||||
| CVE-2023-22595 | 1 Ibm | 2 B2b Advanced Communications, Multi-enterprise Integration Gateway | 2024-11-21 | 5.4 Medium |
| IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244076. | ||||
| CVE-2023-22370 | 1 Planex | 1 Cs-wmv02g | 2024-11-21 | 5.2 Medium |
| Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer. | ||||