Export limit exceeded: 47110 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47110 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-46735 1 Sensiolabs 1 Symfony 2024-11-21 6.1 Medium
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in `WebhookController` returns unescaped user-submitted input. As of version 6.3.8, `WebhookController` now doesn't return any user-submitted input in its response.
CVE-2023-46732 1 Xwiki 1 Xwiki 2024-11-21 9.7 Critical
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to reflected cross-site scripting (RXSS) via the `rev` parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name of the user, including remote code (Groovy) execution in the case of a user with programming right, compromising the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.6 RC1, 15.5.1 and 14.10.14. The patch in commit `04e325d57` can be manually applied without upgrading (or restarting) the instance. Users are advised to upgrade or to manually apply the patch. There are no known workarounds for this vulnerability.
CVE-2023-46722 1 Pimcore 1 Admin Classic Bundle 2024-11-21 6.1 Medium
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually.
CVE-2023-46711 1 Buffalo 2 Vr-s1000, Vr-s1000 Firmware 2024-11-21 4.6 Medium
VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user.
CVE-2023-46706 1 Machinesense 2 Feverwarn, Feverwarn Firmware 2024-11-21 9.1 Critical
Multiple MachineSense devices have credentials unable to be changed by the user or administrator.
CVE-2023-46693 1 Formalms 1 Formalms 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters.
CVE-2023-46583 1 Phpgurukul 1 Nipah Virus Testing Management System 2024-11-21 6.1 Medium
Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 allows attackers to execute arbitrary code via a crafted payload injected into the State field.
CVE-2023-46580 1 Code-projects 1 Inventory Management 2024-11-21 5.4 Medium
Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 allows attackers to execute arbitrary code via the pname parameter of the editProduct.php component.
CVE-2023-46505 1 Pwncyn 1 Fancms 2024-11-21 6.1 Medium
Cross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacker to execute arbitrary code via the content1 parameter in the demo.php file.
CVE-2023-46504 1 Pwncyn 1 Yxbookcms 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component.
CVE-2023-46503 1 Pwncyn 1 Yxbookcms 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules.
CVE-2023-46495 1 Evershop 1 Evershop 2024-11-21 6.1 Medium
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter.
CVE-2023-46492 1 Mldb 1 Machine Learning Database 2024-11-21 6.1 Medium
Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a remote attacker to execute arbitrary code via a crafted payload to the public_html/doc/index.html.
CVE-2023-46491 1 Zentao 1 Biz 2024-11-21 6.1 Medium
ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library.
CVE-2023-46483 1 Timeteccloud 1 Auto Web-based Database Management System 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an attacker to obtain sensitive information via a crafted payload to the remark parameter of the New Zone function.
CVE-2023-46475 1 Easycorp 1 Zentao 2024-11-21 5.4 Medium
A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code.
CVE-2023-46470 1 Spaceapplications 1 Yacms 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via crafted telecommand in the timeline view of the ArchiveBrowser.
CVE-2023-46467 1 Juzaweb 1 Cms 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter of the registration page.
CVE-2023-46451 1 Mayurik 1 Best Courier Management System 2024-11-21 5.4 Medium
Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field.
CVE-2023-46450 1 Mayurik 1 Inventory Management System 2024-11-21 5.4 Medium
Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function.