Export limit exceeded: 47224 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47224 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46068 | 1 Maileon | 1 Maileon | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XQueue GmbH Maileon for WordPress plugin <= 2.16.0 versions. | ||||
| CVE-2023-46059 | 1 Geeklog | 1 Geeklog | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component. | ||||
| CVE-2023-46058 | 1 Geeklog | 1 Geeklog | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the grp_desc parameter of the admin/group.php component. | ||||
| CVE-2023-46054 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component. | ||||
| CVE-2023-46040 | 1 Get-simple | 1 Getsimplecms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via the a crafted payload to the components.php function. | ||||
| CVE-2023-46026 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the 'adminname' and 'email' parameters. | ||||
| CVE-2023-46020 | 1 Code-projects | 1 Blood Bank | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in updateprofile.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'rename', 'remail', 'rphone' and 'rcity' parameters. | ||||
| CVE-2023-46019 | 1 Code-projects | 1 Blood Bank | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'error' parameter. | ||||
| CVE-2023-46016 | 1 Code-projects | 1 Blood Bank | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'search' parameter in the application URL. | ||||
| CVE-2023-46015 | 1 Code-projects | 1 Blood Bank | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via 'msg' parameter in application URL. | ||||
| CVE-2023-46003 | 1 I-doit | 1 I-doit | 2024-11-21 | 5.4 Medium |
| I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php. | ||||
| CVE-2023-45998 | 1 Kodcloud | 1 Kodbox | 2024-11-21 | 5.4 Medium |
| kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing global HTML results in storing XSS. | ||||
| CVE-2023-45992 | 1 Commscope | 1 Ruckus Cloudpath Enrollment System | 2024-11-21 | 9.6 Critical |
| A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system. | ||||
| CVE-2023-45958 | 1 Thirtybees | 1 Thirty Bees | 2024-11-21 | 6.1 Medium |
| Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backup_pagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload. | ||||
| CVE-2023-45957 | 1 Thirtybees | 1 Thirty Bees | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e->getMessage() error mishandling. | ||||
| CVE-2023-45885 | 1 Nasa | 1 Openmct | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin. | ||||
| CVE-2023-45881 | 1 Gibbonedu | 1 Gibbon | 2024-11-21 | 6.1 Medium |
| GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. The imageAsLinks parameter must be set to Y to return HTML code. The filename attribute of the bodyfile1 parameter is reflected in the response. | ||||
| CVE-2023-45879 | 1 Gibbonedu | 1 Gibbon | 2024-11-21 | 5.4 Medium |
| GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component. | ||||
| CVE-2023-45869 | 1 Ilias | 1 Ilias | 2024-11-21 | 9 Critical |
| ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php) This allows attackers to inject malicious commands into the system, potentially compromising the integrity, confidentiality, and availability of the ILIAS installation and the underlying operating system. | ||||
| CVE-2023-45835 | 1 Libsyn | 1 Libsyn Publisher Hub | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Libsyn Libsyn Publisher Hub plugin <= 1.4.4 versions. | ||||