Search Results (46898 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4495 | 1 Easy Chat Server Project | 1 Easy Chat Server | 2024-11-21 | 6.1 Medium |
| Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter. The XSS is loaded from /register.ghp. | ||||
| CVE-2023-4493 | 1 Easy Address Book Web Server Project | 1 Easy Address Book Web Server | 2024-11-21 | 6.1 Medium |
| Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This vulnerability allows a remote attacker to store a malicious JavaScript payload in the application to be executed when the page is loaded, resulting in an integrity impact. | ||||
| CVE-2023-4492 | 1 Easy Address Book Web Server Project | 1 Easy Address Book Web Server | 2024-11-21 | 6.1 Medium |
| Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip) of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to run when the application is loaded. | ||||
| CVE-2023-4460 | 1 Uploading Svg, Webp And Ico Files Project | 1 Uploading Svg, Webp And Ico Files | 2024-11-21 | 6.1 Medium |
| The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | ||||
| CVE-2023-4453 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8. | ||||
| CVE-2023-4433 | 2 Agentejo, Cockpit-hq | 2 Cockpit, Cockpit | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4. | ||||
| CVE-2023-4432 | 2 Agentejo, Cockpit-hq | 2 Cockpit, Cockpit | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. | ||||
| CVE-2023-4422 | 2 Agentejo, Cockpit-hq | 2 Cockpit, Cockpit | 2024-11-21 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | ||||
| CVE-2023-4395 | 2 Agentejo, Cockpit-hq | 2 Cockpit, Cockpit | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4. | ||||
| CVE-2023-4393 | 1 Liquidfiles | 1 Liquidfiles | 2024-11-21 | 5.4 Medium |
| HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization. | ||||
| CVE-2023-4371 | 1 Phprecdb | 1 Phprecdb | 2024-11-21 | 3.5 Low |
| A vulnerability was found in phpRecDB 1.3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument r/view leads to cross site scripting. The attack may be launched remotely. VDB-237194 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-4347 | 1 Librenms | 1 Librenms | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0. | ||||
| CVE-2023-4321 | 2 Agentejo, Cockpit-hq | 2 Cockpit, Cockpit | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3. | ||||
| CVE-2023-4303 | 1 Jenkins | 1 Fortify | 2024-11-21 | 4.3 Medium |
| Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability. | ||||
| CVE-2023-4220 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 8.1 High |
| Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell. | ||||
| CVE-2023-4204 | 1 Moxa | 2 Nport Iaw5000a-i/o, Nport Iaw5000a-i/o Firmware | 2024-11-21 | 5.4 Medium |
| NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerability which poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation. | ||||
| CVE-2023-4196 | 2 Agentejo, Cockpit-hq | 2 Cockpit, Cockpit | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | ||||
| CVE-2023-4189 | 2 Instantcms, Instantsoft | 2 Instantcms, Instantcms | 2024-11-21 | 4.8 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | ||||
| CVE-2023-4187 | 2 Instantcms, Instantsoft | 2 Instantcms, Instantcms | 2024-11-21 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | ||||
| CVE-2023-4175 | 1 Moosocial | 1 Mootravel | 2024-11-21 | 3.5 Low |
| A vulnerability was found in mooSocial mooTravel 3.1.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-236210 is the identifier assigned to this vulnerability. | ||||