Export limit exceeded: 363866 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363866 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 47171 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47171 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37901 | 1 Cern | 1 Indico | 2024-11-21 | 5.4 Medium |
| Indico is an open source a general-purpose, web based event management tool. There is a Cross-Site-Scripting vulnerability in confirmation prompts commonly used when deleting content from Indico. Exploitation requires someone with at least submission privileges (such as a speaker) and then someone else to attempt to delete this content. Considering that event organizers may want to delete suspicious-looking content when spotting it, there is a non-negligible risk of such an attack to succeed. The risk of this could be further increased when combined with some some social engineering pointing the victim towards this content. Users need to update to Indico 3.2.6 as soon as possible. See the docs for instructions on how to update. Users who cannot upgrade should only let trustworthy users manage categories, create events or upload materials ("submission" privileges on a contribution/event). This should already be the case in a properly-configured setup when it comes to category/event management. Note that a conference doing a Call for Abstracts actively invites external speakers (who the organizers may not know and thus cannot fully trust) to submit content, hence the need to update to a a fixed version ASAP in particular when using such workflows. | ||||
| CVE-2023-37894 | 1 Radiustheme | 1 Variation Images Gallery For Woocommerce | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Images Gallery for WooCommerce plugin <= 2.3.3 versions. | ||||
| CVE-2023-37893 | 1 Chop-chop | 1 Coming Soon Chop Chop | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chop-Chop Coming Soon Chop Chop plugin <= 2.2.4 versions. | ||||
| CVE-2023-37875 | 1 Wftpserver | 1 Wing Ftp Server | 2024-11-21 | 3 Low |
| Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site Scripting (XSS).This issue affects Wing FTP Server: <= 7.2.0. | ||||
| CVE-2023-37874 | 1 Riverside | 1 Http Headers | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions. | ||||
| CVE-2023-37873 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. | ||||
| CVE-2023-37857 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2024-11-21 | 3.8 Low |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to obtain a valid session on the device. | ||||
| CVE-2023-37830 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | ||||
| CVE-2023-37829 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notification.message parameter. | ||||
| CVE-2023-37828 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tasktyp parameter. | ||||
| CVE-2023-37827 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the executionBlockName parameter. | ||||
| CVE-2023-37826 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fieldname parameter. | ||||
| CVE-2023-37798 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter. | ||||
| CVE-2023-37790 | 1 Broadcom | 1 Clarity | 2024-11-21 | 5.4 Medium |
| Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function. | ||||
| CVE-2023-37787 | 1 Geeklog | 1 Geeklog | 2024-11-21 | 4.8 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php. | ||||
| CVE-2023-37786 | 1 Geeklog | 1 Geeklog | 2024-11-21 | 4.8 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settings[backend], Mail Settings[host], Mail Settings[port] and Mail Settings[auth] parameters of the /admin/configuration.php. | ||||
| CVE-2023-37785 | 1 Impresscms | 1 Impresscms | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php. | ||||
| CVE-2023-37755 | 1 I-doit | 1 I-doit | 2024-11-21 | 9.8 Critical |
| i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator privileges, resulting in them being able to perform arbitrary system operations or cause a Denial of Service (DoS). | ||||
| CVE-2023-37746 | 1 Phpgurukul | 1 Maid Hiring Management System | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component. | ||||
| CVE-2023-37745 | 1 Phpgurukul | 1 Maid Hiring Management System | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component. | ||||