Search Results (47035 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-39988 1 Tencent 1 Wxsync 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in 标准云(std.Cloud) WxSync plugin <= 2.7.23 versions.
CVE-2023-39987 1 Joomlaserviceprovider 1 Wsecure 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay Lulia wSecure Lite plugin <= 2.5 versions.
CVE-2023-39982 1 Moxa 1 Mxsecurity 2024-11-21 7.5 High
A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.
CVE-2023-39971 1 Acymailing 1 Acymailing 2024-11-21 6.1 Medium
Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS. This issue affects AcyMailing Enterprise component for Joomla: 6.7.0-8.6.3.
CVE-2023-39955 1 Nextcloud 1 Notes 2024-11-21 3.5 Low
Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a patch for the issue. No known workarounds are available.
CVE-2023-39938 1 I-pro 1 Video Insight 2024-11-21 6.1 Medium
Reflected cross-site scripting vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to inject an arbitrary script.
CVE-2023-39924 1 Simplefilelist 1 Simple File List 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mitchell Bennis Simple File List plugin <= 6.1.9 versions.
CVE-2023-39919 1 Maennchen1 1 Wpshopgermany - Protected Shops 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in maennchen1.De wpShopGermany – Protected Shops plugin <= 2.0 versions.
CVE-2023-39918 1 Saasproject 1 Booking Package 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SAASPROJECT Booking Package Booking Package plugin <= 1.6.01 versions.
CVE-2023-39777 1 Vbulletin 1 Vbulletin 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter.
CVE-2023-39714 1 Free And Open Source Inventory Management System Project 1 Free And Open Source Inventory Management System 2024-11-21 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Member section.
CVE-2023-39712 1 Free And Open Source Inventory Management System Project 1 Free And Open Source Inventory Management System 2024-11-21 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section.
CVE-2023-39711 1 Free And Open Source Inventory Management System Project 1 Free And Open Source Inventory Management System 2024-11-21 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section.
CVE-2023-39710 1 Free And Open Source Inventory Management System Project 1 Free And Open Source Inventory Management System 2024-11-21 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Customer section.
CVE-2023-39709 1 Free And Open Source Inventory Management System Project 1 Free And Open Source Inventory Management System 2024-11-21 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section.
CVE-2023-39708 1 Free And Open Source Inventory Management System Project 1 Free And Open Source Inventory Management System 2024-11-21 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section.
CVE-2023-39707 1 Free And Open Source Inventory Management System Project 1 Free And Open Source Inventory Management System 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section.
CVE-2023-39703 1 Typora 1 Typora 2024-11-21 6.1 Medium
A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file.
CVE-2023-39700 1 Icewarp 1 Mail Server 2024-11-21 6.1 Medium
IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.
CVE-2023-39678 1 Bdcom 3 Olt P3310d-2ac, P3310d-2ac, P3310d-2ac Firmware 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.