Export limit exceeded: 47224 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47224 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-46068 1 Maileon 1 Maileon 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XQueue GmbH Maileon for WordPress plugin <= 2.16.0 versions.
CVE-2023-46059 1 Geeklog 1 Geeklog 2024-11-21 4.8 Medium
Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component.
CVE-2023-46058 1 Geeklog 1 Geeklog 2024-11-21 4.8 Medium
Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the grp_desc parameter of the admin/group.php component.
CVE-2023-46054 1 Wbce 1 Wbce Cms 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component.
CVE-2023-46040 1 Get-simple 1 Getsimplecms 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via the a crafted payload to the components.php function.
CVE-2023-46026 1 Phpgurukul 1 Teacher Subject Allocation Management System 2024-11-21 4.8 Medium
Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the 'adminname' and 'email' parameters.
CVE-2023-46020 1 Code-projects 1 Blood Bank 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) in updateprofile.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'rename', 'remail', 'rphone' and 'rcity' parameters.
CVE-2023-46019 1 Code-projects 1 Blood Bank 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'error' parameter.
CVE-2023-46016 1 Code-projects 1 Blood Bank 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'search' parameter in the application URL.
CVE-2023-46015 1 Code-projects 1 Blood Bank 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via 'msg' parameter in application URL.
CVE-2023-46003 1 I-doit 1 I-doit 2024-11-21 5.4 Medium
I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php.
CVE-2023-45998 1 Kodcloud 1 Kodbox 2024-11-21 5.4 Medium
kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing global HTML results in storing XSS.
CVE-2023-45992 1 Commscope 1 Ruckus Cloudpath Enrollment System 2024-11-21 9.6 Critical
A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.
CVE-2023-45958 1 Thirtybees 1 Thirty Bees 2024-11-21 6.1 Medium
Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backup_pagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload.
CVE-2023-45957 1 Thirtybees 1 Thirty Bees 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e->getMessage() error mishandling.
CVE-2023-45885 1 Nasa 1 Openmct 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.
CVE-2023-45881 1 Gibbonedu 1 Gibbon 2024-11-21 6.1 Medium
GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. The imageAsLinks parameter must be set to Y to return HTML code. The filename attribute of the bodyfile1 parameter is reflected in the response.
CVE-2023-45879 1 Gibbonedu 1 Gibbon 2024-11-21 5.4 Medium
GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component.
CVE-2023-45869 1 Ilias 1 Ilias 2024-11-21 9 Critical
ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php) This allows attackers to inject malicious commands into the system, potentially compromising the integrity, confidentiality, and availability of the ILIAS installation and the underlying operating system.
CVE-2023-45835 1 Libsyn 1 Libsyn Publisher Hub 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Libsyn Libsyn Publisher Hub plugin <= 1.4.4 versions.