Export limit exceeded: 47209 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47209 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37894 | 1 Radiustheme | 1 Variation Images Gallery For Woocommerce | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Images Gallery for WooCommerce plugin <= 2.3.3 versions. | ||||
| CVE-2023-37893 | 1 Chop-chop | 1 Coming Soon Chop Chop | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chop-Chop Coming Soon Chop Chop plugin <= 2.2.4 versions. | ||||
| CVE-2023-37875 | 1 Wftpserver | 1 Wing Ftp Server | 2024-11-21 | 3 Low |
| Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site Scripting (XSS).This issue affects Wing FTP Server: <= 7.2.0. | ||||
| CVE-2023-37874 | 1 Riverside | 1 Http Headers | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions. | ||||
| CVE-2023-37873 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. | ||||
| CVE-2023-37857 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2024-11-21 | 3.8 Low |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to obtain a valid session on the device. | ||||
| CVE-2023-37830 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | ||||
| CVE-2023-37829 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notification.message parameter. | ||||
| CVE-2023-37828 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tasktyp parameter. | ||||
| CVE-2023-37827 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the executionBlockName parameter. | ||||
| CVE-2023-37826 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fieldname parameter. | ||||
| CVE-2023-37798 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter. | ||||
| CVE-2023-37790 | 1 Broadcom | 1 Clarity | 2024-11-21 | 5.4 Medium |
| Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function. | ||||
| CVE-2023-37787 | 1 Geeklog | 1 Geeklog | 2024-11-21 | 4.8 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php. | ||||
| CVE-2023-37786 | 1 Geeklog | 1 Geeklog | 2024-11-21 | 4.8 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settings[backend], Mail Settings[host], Mail Settings[port] and Mail Settings[auth] parameters of the /admin/configuration.php. | ||||
| CVE-2023-37785 | 1 Impresscms | 1 Impresscms | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php. | ||||
| CVE-2023-37755 | 1 I-doit | 1 I-doit | 2024-11-21 | 9.8 Critical |
| i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator privileges, resulting in them being able to perform arbitrary system operations or cause a Denial of Service (DoS). | ||||
| CVE-2023-37746 | 1 Phpgurukul | 1 Maid Hiring Management System | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component. | ||||
| CVE-2023-37745 | 1 Phpgurukul | 1 Maid Hiring Management System | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component. | ||||
| CVE-2023-37744 | 1 Phpgurukul | 1 Maid Hiring Management System | 2024-11-21 | 6.1 Medium |
| Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-booking-request.php. | ||||