Export limit exceeded: 47223 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47223 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-44311 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 9.6 Critical |
| Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter. This issue is caused by an incomplete fix in CVE-2023-33941. | ||||
| CVE-2023-44310 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 9 Critical |
| Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's "Name" text field. | ||||
| CVE-2023-44309 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 9 Critical |
| Multiple stored cross-site scripting (XSS) vulnerabilities in the fragment components in Liferay Portal 7.4.2 through 7.4.3.53, and Liferay DXP 7.4 before update 54 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into any non-HTML field of a linked source asset. | ||||
| CVE-2023-44301 | 1 Dell | 2 Powerprotect Data Manager Dm5500, Powerprotect Data Manager Dm5500 Firmware | 2024-11-21 | 5.4 Medium |
| Dell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scripting Vulnerability. A network attacker with low privileges could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | ||||
| CVE-2023-44296 | 1 Dell | 1 E-lab Navigator | 2024-11-21 | 8.4 High |
| Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local attacker could potentially exploit this vulnerability, leading to unauthorized access to sensitive data. Successful exploitation may result in the compromise of confidential user information. | ||||
| CVE-2023-44286 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2024-11-21 | 8.8 High |
| Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a victim user's DOM environment in the browser. . Exploitation may lead to information disclosure, session theft, or client-side request forgery. | ||||
| CVE-2023-44276 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 5.4 Medium |
| OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard. | ||||
| CVE-2023-44275 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 5.4 Medium |
| OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard. | ||||
| CVE-2023-44272 | 1 Citadel | 1 Citadel | 2024-11-21 | 5.4 Medium |
| A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user. | ||||
| CVE-2023-44265 | 1 Gopiplus | 1 Popup Contact Form | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <= 7.1 versions. | ||||
| CVE-2023-44264 | 1 Arrowplugins | 1 The Awesome Feed | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin <= 2.2.5 versions. | ||||
| CVE-2023-44263 | 1 Riyaz | 1 Social Metrics | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Riyaz Social Metrics plugin <= 2.2 versions. | ||||
| CVE-2023-44262 | 1 Renzojohnson | 1 Blocks | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Renzo Johnson Blocks plugin <= 1.6.41 versions. | ||||
| CVE-2023-44245 | 1 Leaptodigital | 1 Contact Form Website To Workflow Tool | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin <= 4.0.0 versions. | ||||
| CVE-2023-44244 | 1 Fooplugins | 1 Foogallery | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.44 versions. | ||||
| CVE-2023-44242 | 1 2joomla | 1 2j Slideshow | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team Slideshow, Image Slider by 2J plugin <= 1.3.54 versions. | ||||
| CVE-2023-44239 | 1 Walkswithme | 1 Social Share On Image Hover | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jobin Jose WWM Social Share On Image Hover plugin <= 2.2 versions. | ||||
| CVE-2023-44230 | 1 Gopiplus | 1 Popup Contact Form | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <= 7.1 versions. | ||||
| CVE-2023-44229 | 1 Gopiplus | 1 Tiny Carosel Horizontal Slider | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny Carousel Horizontal Slider plugin <= 8.1 versions. | ||||
| CVE-2023-44228 | 1 Gopiplus | 1 Onclick Show Popup | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Onclick show popup plugin <= 8.1 versions. | ||||