Export limit exceeded: 363715 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363715 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363715 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 47158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47158 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32103 | 1 Themepalace | 1 Tp Education | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Theme Palace TP Education plugin <= 4.4 versions. | ||||
| CVE-2023-32102 | 1 Pexlechris | 1 Library Viewer | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Pexle Chris Library Viewer plugin <= 2.0.6 versions. | ||||
| CVE-2023-32089 | 1 Pega | 1 Platform | 2024-11-21 | 4.6 Medium |
| Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description | ||||
| CVE-2023-32088 | 1 Pega | 1 Platform | 2024-11-21 | 4.6 Medium |
| Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation | ||||
| CVE-2023-32087 | 1 Pega | 1 Platform | 2024-11-21 | 4.6 Medium |
| Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation | ||||
| CVE-2023-32000 | 1 Ui | 1 Unifi Network Application | 2024-11-21 | 4.8 Medium |
| A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page. | ||||
| CVE-2023-31942 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php. | ||||
| CVE-2023-31935 | 1 Phpgurukul | 1 Rail Pass Management System | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php. | ||||
| CVE-2023-31934 | 1 Phpgurukul | 1 Rail Pass Management System | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php. | ||||
| CVE-2023-31853 | 1 Cudy | 2 Lt400, Lt400 Firmware | 2024-11-21 | 6.1 Medium |
| Cudy LT400 1.13.4 is vulnerable Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter. | ||||
| CVE-2023-31851 | 1 Cudy | 2 Lt400, Lt400 Firmware | 2024-11-21 | 6.1 Medium |
| Cudy LT400 1.13.4 is has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/wireless/status via the iface parameter. | ||||
| CVE-2023-31808 | 1 Technicolor | 2 Tg670, Tg670 Firmware | 2024-11-21 | 7.2 High |
| Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled. | ||||
| CVE-2023-31754 | 1 Optimizely | 1 Optimizely Cms | 2024-11-21 | 4.8 Medium |
| Optimizely CMS UI before v12.16.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Admin panel. | ||||
| CVE-2023-31705 | 1 Task Reminder System Project | 1 Task Reminder System | 2024-11-21 | 5.4 Medium |
| A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester Task Reminder System 1.0 allows an authenticated user to inject malicious javascript into the page parameter. | ||||
| CVE-2023-31698 | 1 Bludit | 1 Bludit | 2024-11-21 | 5.4 Medium |
| Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration). | ||||
| CVE-2023-31581 | 1 Dromara | 1 Sureness | 2024-11-21 | 9.8 Critical |
| Dromara Sureness before v1.0.8 was discovered to use a hardcoded key. | ||||
| CVE-2023-31579 | 1 Tangyh | 1 Lamp-cloud | 2024-11-21 | 9.8 Critical |
| Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token. | ||||
| CVE-2023-31546 | 1 Dedebiz | 1 Dedebiz | 2024-11-21 | 9.6 Critical |
| Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code via the search feature. | ||||
| CVE-2023-31466 | 1 Fsmlabs | 1 Timekeeper | 2024-11-21 | 5.4 Medium |
| An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On the "Configuration -> Compliance -> Add a new compliance report" and "Configuration -> Timekeeper Configuration -> Add a new source there" screens, there are entry points to inject JavaScript code. | ||||
| CVE-2023-31302 | 1 Sesami | 1 Cash Point \& Transport Optimizer | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Teller field. | ||||