Export limit exceeded: 47022 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47022 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26218 | 1 Tibco | 1 Nimbus | 2024-11-21 | 8 High |
| The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.6.0 and below. | ||||
| CVE-2023-26206 | 1 Fortinet | 1 Fortinac | 2024-11-21 | 6.8 Medium |
| An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs. | ||||
| CVE-2023-26203 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-11-21 | 6.1 Medium |
| A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands. | ||||
| CVE-2023-26149 | 1 Quill-mention | 1 Quill Mention | 2024-11-21 | 6.1 Medium |
| Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. **Note:** If the mentions list is sourced from unsafe (user-sourced) data, this might allow an injection attack when a Quill user hits @. | ||||
| CVE-2023-26147 | 1 Ithewei | 1 Libhv | 2024-11-21 | 5.3 Medium |
| All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build headers values. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content, like for example additional headers or new response body, leading to a potential XSS vulnerability. | ||||
| CVE-2023-26146 | 2 Ithewei, Ithewei\/libhv | 2 Libhv, Ithewei\/libhv | 2024-11-21 | 6.1 Medium |
| All versions of the package ithewei/libhv are vulnerable to Cross-site Scripting (XSS) such that when a file with a name containing a malicious payload is served by the application, the filename is displayed without proper sanitization when it is rendered. | ||||
| CVE-2023-26140 | 1 Excalidraw | 1 Excalidraw | 2024-11-21 | 6.1 Medium |
| Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerable to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization. | ||||
| CVE-2023-25984 | 1 Rigorous-digital | 1 Dovetail | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigorous & Factory Pattern Dovetail plugin <= 1.2.13 versions. | ||||
| CVE-2023-25981 | 1 Themekraft | 1 Post Form | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <= 2.8.1 versions. | ||||
| CVE-2023-25978 | 1 Mindutopia | 1 Protected Posts Logout Button | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate Reist Protected Posts Logout Button plugin <= 1.4.5 versions. | ||||
| CVE-2023-25974 | 1 Wp2syslog Project | 1 Wp2syslog | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in psicosi448 wp2syslog plugin <= 1.0.5 versions. | ||||
| CVE-2023-25972 | 1 Iksweb | 1 Wordpress Ctapt | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSWEB WordPress Старт plugin <= 3.7 versions. | ||||
| CVE-2023-25964 | 1 Designextreme | 1 We\'re Open\! | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah Hearle, Design Extreme We’re Open! plugin <= 1.46 versions. | ||||
| CVE-2023-25963 | 1 Joomsky | 1 Js Job Manager | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions. | ||||
| CVE-2023-25789 | 1 Tapfiliate | 1 Tapfiliate | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapfiliate plugin <= 3.0.12 versions. | ||||
| CVE-2023-25782 | 1 Plustime | 1 Service Area Postcode Checker | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) vulnerability in Second2none Service Area Postcode Checker plugin <= 2.0.8 versions. | ||||
| CVE-2023-25781 | 1 Upload File Type Settings Plugin Project | 1 Upload File Type Settings Plugin | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin <= 1.1 versions. | ||||
| CVE-2023-25716 | 1 Announce From The Dashboard Project | 1 Announce From The Dashboard | 2024-11-21 | 5.9 Medium |
| Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu6bsiz Announce from the Dashboard plugin <= 1.5.1 versions. | ||||
| CVE-2023-25608 | 1 Fortinet | 4 Fortiap, Fortiap-c, Fortiap-u and 1 more | 2024-11-21 | 5.2 Medium |
| An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments. | ||||
| CVE-2023-25491 | 1 Jch Optimize Project | 1 Jch Optimize | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Samuel Marshall JCH Optimize plugin <= 3.2.2 versions. | ||||