Export limit exceeded: 47293 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47293 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6472 | 1 Phpems | 1 Phpems | 2024-11-21 | 2.4 Low |
| A vulnerability, which was classified as problematic, has been found in PHPEMS 7.0. This issue affects some unknown processing of the file app\content\cls\api.cls.php of the component Content Section Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246629 was assigned to this vulnerability. | ||||
| CVE-2023-6466 | 1 Thecosy | 1 Icecms | 2024-11-21 | 3.5 Low |
| A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file /planet of the component User Comment Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246616. | ||||
| CVE-2023-6463 | 1 Remyandrade | 1 User Registration And Login System | 2024-11-21 | 3.5 Low |
| A vulnerability has been found in SourceCodester User Registration and Login System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument first_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246613 was assigned to this vulnerability. | ||||
| CVE-2023-6462 | 1 Remyandrade | 1 User Registration And Login System | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester User Registration and Login System 1.0. Affected is an unknown function of the file /endpoint/delete-user.php. The manipulation of the argument user leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246612. | ||||
| CVE-2023-6461 | 1 Viliusle | 1 Minipaint | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository viliusle/minipaint prior to 4.14.0. | ||||
| CVE-2023-6442 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2024-11-21 | 3.5 Low |
| A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add-phlebotomist.php. The manipulation of the argument empid/fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246445 was assigned to this vulnerability. | ||||
| CVE-2023-6440 | 1 Remyandrade | 1 Book Borrower System | 2024-11-21 | 3.5 Low |
| A vulnerability was found in SourceCodester Book Borrower System 1.0 and classified as problematic. This issue affects some unknown processing of the file endpoint/add-book.php. The manipulation of the argument Book Title/Book Author leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246443. | ||||
| CVE-2023-6439 | 1 Easycorp | 1 Zentao | 2024-11-21 | 3.5 Low |
| A vulnerability classified as problematic was found in ZenTao PMS 18.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246439. | ||||
| CVE-2023-6435 | 1 Bigprof | 1 Online Invoicing System | 2024-11-21 | 6.3 Medium |
| A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/batches_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | ||||
| CVE-2023-6434 | 1 Bigprof | 1 Online Invoicing System | 2024-11-21 | 6.3 Medium |
| A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/sections_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | ||||
| CVE-2023-6431 | 1 Bigprof | 1 Online Invoicing System | 2024-11-21 | 6.3 Medium |
| A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/categories_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | ||||
| CVE-2023-6430 | 1 Bigprof | 1 Online Invoicing System | 2024-11-21 | 6.3 Medium |
| A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/transactions_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | ||||
| CVE-2023-6429 | 1 Bigprof | 1 Online Invoicing System | 2024-11-21 | 6.3 Medium |
| A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/clients_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | ||||
| CVE-2023-6427 | 1 Bigprof | 1 Online Invoicing System | 2024-11-21 | 6.3 Medium |
| A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoices_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | ||||
| CVE-2023-6426 | 1 Bigprof | 1 Online Invoicing System | 2024-11-21 | 6.3 Medium |
| A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoices_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | ||||
| CVE-2023-6424 | 1 Bigprof | 1 Online Clinic Management System | 2024-11-21 | 6.3 Medium |
| A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/disease_symptoms_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | ||||
| CVE-2023-6423 | 1 Bigprof | 1 Online Clinic Management System | 2024-11-21 | 6.3 Medium |
| A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/events_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | ||||
| CVE-2023-6422 | 1 Bigprof | 1 Online Clinic Management System | 2024-11-21 | 6.3 Medium |
| A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/patients_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | ||||
| CVE-2023-6419 | 1 Aatifaneeq | 1 Voovi | 2024-11-21 | 6.5 Medium |
| A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via editprofile.php in multiple parameters, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an authenticated user. | ||||
| CVE-2023-6379 | 1 Alkacon | 1 Opencms | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session. | ||||