Export limit exceeded: 364271 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 47212 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47212 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-39711 1 Free And Open Source Inventory Management System Project 1 Free And Open Source Inventory Management System 2024-11-21 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section.
CVE-2023-39710 1 Free And Open Source Inventory Management System Project 1 Free And Open Source Inventory Management System 2024-11-21 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Customer section.
CVE-2023-39709 1 Free And Open Source Inventory Management System Project 1 Free And Open Source Inventory Management System 2024-11-21 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section.
CVE-2023-39708 1 Free And Open Source Inventory Management System Project 1 Free And Open Source Inventory Management System 2024-11-21 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section.
CVE-2023-39707 1 Free And Open Source Inventory Management System Project 1 Free And Open Source Inventory Management System 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section.
CVE-2023-39703 1 Typora 1 Typora 2024-11-21 6.1 Medium
A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file.
CVE-2023-39700 1 Icewarp 1 Mail Server 2024-11-21 6.1 Medium
IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.
CVE-2023-39678 1 Bdcom 3 Olt P3310d-2ac, P3310d-2ac, P3310d-2ac Firmware 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.
CVE-2023-39676 1 Fieldthemes 1 Fieldpopupnewsletter 2024-11-21 6.1 Medium
FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.
CVE-2023-39600 1 Icewarp 1 Icewarp 2024-11-21 6.1 Medium
IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.
CVE-2023-39598 1 Icewarp 1 Webclient 2024-11-21 6.1 Medium
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.
CVE-2023-39578 1 Tribalsystems 1 Zenario 2024-11-21 4.8 Medium
A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field.
CVE-2023-39575 1 Isl 1 Arp-guard 2024-11-21 5.4 Medium
A reflected cross-site scripting (XSS) vulnerability in the url_str URL parameter of ISL ARP Guard v4.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-39558 1 Web-audimex 1 Audimexee 2024-11-21 6.1 Medium
AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component.
CVE-2023-39543 1 Luxsoft 1 Luxcal Web Calendar 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product.
CVE-2023-39527 1 Prestashop 1 Prestashop 2024-11-21 8.3 High
PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the `isCleanHTML` method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.
CVE-2023-39521 1 Enalean 1 Tuleap 2024-11-21 4.8 Medium
Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. An agile dashboard administrator deleting a kanban with a malicious label can be forced to execute uncontrolled code. Tuleap Community Edition 14.11.99.28, Tuleap Enterprise Edition 14.10-6, and Tuleap Enterprise Edition 14.11-3 contain a fix for this issue.
CVE-2023-39518 1 Fobybus 1 Social-media-skeleton 2024-11-21 5.4 Medium
social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3.
CVE-2023-39517 1 Joplin Project 1 Joplin 2024-11-21 8.2 High
Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer (`packages/renderer/htmlUtils.ts::sanitizeHtml`) preserves `<map>` `<area>` links. However, unlike `<a>` links, the `target` and `href` attributes are not removed. Additionally, because the note preview pane isn't sandboxed to prevent top navigation, links with `target` set to `_top` can replace the toplevel electron page. Because any toplevel electron page, with Joplin's setup, has access to `require` and can require node libraries, a malicious replacement toplevel page can import `child_process` and execute arbitrary shell commands. This issue has been fixed in commit 7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f which is included in release version 2.12.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-39437 1 Sap 1 Business One 2024-11-21 7.6 High
SAP business One allows - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and gets it delivered to the client, resulting to Cross-site scripting. This could lead to harmful action affecting the Confidentiality, Integrity and Availability of the application.