Search Results (47241 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-43260 1 Milesight 15 Ur32, Ur32 Firmware, Ur32l and 12 more 2024-11-21 6.1 Medium
Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel.
CVE-2023-43233 1 Yzncms 1 Yzncms 2024-11-21 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.
CVE-2023-43232 1 Dedebiz 1 Dedebiz 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.
CVE-2023-43193 1 Rcos 1 Submitty 2024-11-21 6.1 Medium
Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS). An attacker can create a malicious link in the forum that leads to XSS.
CVE-2023-43191 1 Jrecms 1 Springbootcms 2024-11-21 5.4 Medium
SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker, such as cookie theft
CVE-2023-43103 1 Zimbra 1 Collaboration 2024-11-21 6.1 Medium
An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36.
CVE-2023-43102 1 Zimbra 1 Collaboration 2024-11-21 6.1 Medium
An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. An XSS issue can be exploited to access the mailbox of an authenticated user. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36.
CVE-2023-43065 1 Dell 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment 2024-11-21 5.5 Medium
Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges.
CVE-2023-43057 1 Ibm 1 Qradar Security Information And Event Manager 2024-11-21 4.6 Medium
IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267484.
CVE-2023-42817 1 Pimcore 1 Admin Classic Bundle 2024-11-21 5.4 Medium
Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” (from “%suggest%) is parsed by sprintf() even though it’s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access (as the translation permission cannot be scoped to certain “modules”) and a skilled attacker might be able to exploit the parsing of the translation string in the dialog box. This issue has been patched in commit `abd77392` which is included in release 1.1.2. Users are advised to update to version 1.1.2 or apply the patch manually.
CVE-2023-42808 1 Mozilla 1 Common Voice 2024-11-21 6.1 Medium
Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Version 1.88.2 is vulnerable to reflected Cross-Site Scripting given that user-controlled data flows to a path expression (path of a network request). This issue may lead to reflected Cross-Site Scripting (XSS) in the context of Common Voice’s server origin. As of time of publication, it is unknown whether any patches or workarounds exist.
CVE-2023-42765 1 Westermo 2 L206-f2g, L206-f2g Firmware 2024-11-21 5.4 Medium
An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration.
CVE-2023-42656 1 Progress 1 Moveit Transfer 2024-11-21 6.1 Medium
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface.  An attacker could craft a malicious payload targeting MOVEit Transfer users during the package composition procedure.  If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.
CVE-2023-42629 1 Liferay 2 Digital Experience Platform, Liferay Portal 2024-11-21 9 Critical
Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Vocabulary's 'description' text field.
CVE-2023-42628 1 Liferay 2 Digital Experience Platform, Liferay Portal 2024-11-21 9 Critical
Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 through 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and earlier, 7.2 fix pack 20 and earlier, 7.3 update 33 and earlier, and 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML into a parent wiki page via a crafted payload injected into a wiki page's ‘Content’ text field.
CVE-2023-42497 1 Liferay 2 Digital Experience Platform, Liferay Portal 2024-11-21 9.6 Critical
Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect` parameter.
CVE-2023-42492 1 Busbaer 1 Eisbaer Scada 2024-11-21 7.1 High
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key
CVE-2023-42478 1 Sap 1 Business Objects Business Intelligence Platform 2024-11-21 7.5 High
SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.
CVE-2023-42476 1 Sap 1 Businessobjects Web Intelligence 2024-11-21 6.8 Medium
SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that the user has access to. In the worst case, attacker could access data from reporting databases.
CVE-2023-42474 1 Sap 1 Businessobjects Web Intelligence 2024-11-21 6.8 Medium
SAP BusinessObjects Web Intelligence - version 420, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information.