Search Results (46898 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41588 | 1 Appfire | 1 Time To Sla | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Time to SLA plugin v10.13.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the durationFormat parameter. | ||||
| CVE-2023-41575 | 1 Phpgurukul | 1 Blood Bank & Donor Management System | 2024-11-21 | 5.4 Medium |
| Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters. | ||||
| CVE-2023-41538 | 1 Phpjabbers | 1 Php Forum Script | 2024-11-21 | 6.1 Medium |
| phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter. | ||||
| CVE-2023-41508 | 1 Superstorefinder | 1 Super Store Finder | 2024-11-21 | 9.8 Critical |
| A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel. | ||||
| CVE-2023-41453 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component. | ||||
| CVE-2023-41451 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. | ||||
| CVE-2023-41448 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component. | ||||
| CVE-2023-41447 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component. | ||||
| CVE-2023-41446 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component. | ||||
| CVE-2023-41445 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component. | ||||
| CVE-2023-41436 | 1 Cskaza | 1 Cszcms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component. | ||||
| CVE-2023-41423 | 1 Terryl | 1 Wp Githuber Md | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 allows a remote attacker to execute arbitrary code via a crafted payload to the new article function. | ||||
| CVE-2023-41372 | 1 Boschrexroth | 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more | 2024-11-21 | 7.8 High |
| The vulnerability allows an unprivileged (untrusted) third-party application to arbitrarily modify the server settings of the Android Client application, inducing it to connect to an attacker-controlled malicious server. This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair. | ||||
| CVE-2023-41343 | 1 Ragic | 1 Enterprise Cloud Database | 2024-11-21 | 5.4 Medium |
| Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack. | ||||
| CVE-2023-41318 | 1 Turt2live | 1 Matrix-media-repo | 2024-11-21 | 4.1 Medium |
| matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with `Content-Disposition: inline` upon download. This vulnerability could be leveraged to execute scripts embedded in SVG content. Commits `77ec235` and `bf8abdd` fix the issue and are included in the 1.3.0 release. Operators should upgrade to v1.3.0 as soon as possible. Operators unable to upgrade should override the `Content-Disposition` header returned by matrix-media-repo as a workaround. | ||||
| CVE-2023-41316 | 1 Tolgee | 1 Tolgee | 2024-11-21 | 5.5 Medium |
| Tolgee is an open-source localization platform. Due to a lack of validation on the Org Name field, a bad actor can send emails with injected HTML code to victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitation emails which appear as legitimate org invitations. Bad actors may direct users to a malicious website or execute JavaScript in the context of the user's browser. This vulnerability has been addressed in version 3.29.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-41250 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 3.5 Low |
| In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration | ||||
| CVE-2023-41249 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.6 Medium |
| In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step | ||||
| CVE-2023-41248 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.6 Medium |
| In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration | ||||
| CVE-2023-41242 | 1 Creativehassan | 1 Snap Pixel | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hassan Ali Snap Pixel plugin <= 1.5.7 versions. | ||||