Export limit exceeded: 47192 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47192 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-4496 1 Easy Chat Server Project 1 Easy Chat Server 2024-11-21 6.1 Medium
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter.
CVE-2023-4495 1 Easy Chat Server Project 1 Easy Chat Server 2024-11-21 6.1 Medium
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter. The XSS is loaded from /register.ghp.
CVE-2023-4493 1 Easy Address Book Web Server Project 1 Easy Address Book Web Server 2024-11-21 6.1 Medium
Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This vulnerability allows a remote attacker to store a malicious JavaScript payload in the application to be executed when the page is loaded, resulting in an integrity impact.
CVE-2023-4492 1 Easy Address Book Web Server Project 1 Easy Address Book Web Server 2024-11-21 6.1 Medium
Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip) of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to run when the application is loaded
CVE-2023-4460 1 Uploading Svg\, Webp And Ico Files Project 1 Uploading Svg\, Webp And Ico Files 2024-11-21 6.1 Medium
The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
CVE-2023-4453 1 Pimcore 1 Pimcore 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.
CVE-2023-4433 2 Agentejo, Cockpit-hq 2 Cockpit, Cockpit 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
CVE-2023-4432 2 Agentejo, Cockpit-hq 2 Cockpit, Cockpit 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
CVE-2023-4422 2 Agentejo, Cockpit-hq 2 Cockpit, Cockpit 2024-11-21 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
CVE-2023-4395 2 Agentejo, Cockpit-hq 2 Cockpit, Cockpit 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
CVE-2023-4393 1 Liquidfiles 1 Liquidfiles 2024-11-21 5.4 Medium
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization.
CVE-2023-4371 1 Phprecdb 1 Phprecdb 2024-11-21 3.5 Low
A vulnerability was found in phpRecDB 1.3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument r/view leads to cross site scripting. The attack may be launched remotely. VDB-237194 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-4347 1 Librenms 1 Librenms 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0.
CVE-2023-4321 2 Agentejo, Cockpit-hq 2 Cockpit, Cockpit 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3.
CVE-2023-4303 1 Jenkins 1 Fortify 2024-11-21 4.3 Medium
Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.
CVE-2023-4220 1 Chamilo 1 Chamilo Lms 2024-11-21 8.1 High
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
CVE-2023-4204 1 Moxa 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware 2024-11-21 5.4 Medium
NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation.
CVE-2023-4196 2 Agentejo, Cockpit-hq 2 Cockpit, Cockpit 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
CVE-2023-4189 2 Instantcms, Instantsoft 2 Instantcms, Instantcms 2024-11-21 4.8 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4187 2 Instantcms, Instantsoft 2 Instantcms, Instantcms 2024-11-21 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.