Export limit exceeded: 351172 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45966 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-48172 | 1 Phpjabbers | 1 Shuttle Booking Software | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php. | ||||
| CVE-2023-48116 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 5.4 Medium |
| SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment. | ||||
| CVE-2023-48115 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 5.4 Medium |
| SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request. | ||||
| CVE-2023-48114 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 5.4 Medium |
| SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name. | ||||
| CVE-2023-48094 | 1 Cesium | 1 Cesiumjs | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /container_files/public_html/doc/index.html. NOTE: the vendor’s position is that Apps/Sandcastle/standalone.html is part of the CesiumGS/cesium GitHub repository, but is demo code that is not part of the CesiumJS JavaScript library product. | ||||
| CVE-2023-48088 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | 5.4 Medium |
| xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage. | ||||
| CVE-2023-48068 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php. | ||||
| CVE-2023-48055 | 1 Superagi | 1 Superagi | 2024-11-21 | 7.5 High |
| SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications. | ||||
| CVE-2023-48053 | 1 Archerydms | 1 Archery | 2024-11-21 | 7.5 High |
| Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications. | ||||
| CVE-2023-48042 | 1 Communitydeveloper | 1 Amazzing Filter | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code. | ||||
| CVE-2023-47839 | 1 Implecode | 1 Ecommerce Product Catalog | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.26 versions. | ||||
| CVE-2023-47835 | 1 Ari-soft | 1 Ari Stream Quiz | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder plugin <= 1.2.32 versions. | ||||
| CVE-2023-47834 | 1 Quizandsurveymaster | 1 Quiz And Survey Master | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master plugin <= 8.1.13 versions. | ||||
| CVE-2023-47833 | 1 Slimndap | 1 Theater For Wordpress | 2024-11-21 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress plugin <= 0.18.3 versions. | ||||
| CVE-2023-47831 | 1 Assortedchips | 1 Drawit | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in assorted[chips] DrawIt (draw.Io) plugin <= 1.1.3 versions. | ||||
| CVE-2023-47829 | 1 Codez | 1 Quick Call Button | 2024-11-21 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codez Quick Call Button plugin <= 1.2.9 versions. | ||||
| CVE-2023-47821 | 1 Jannisthuemmig | 1 Email Encoder | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jannis Thuemmig Email Encoder plugin <= 2.1.8 versions. | ||||
| CVE-2023-47817 | 1 Mmrs151 | 1 Daily Prayer Time | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.10.13 versions. | ||||
| CVE-2023-47816 | 1 Wpcharitable | 1 Charitable | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.13 versions. | ||||
| CVE-2023-47815 | 1 Venutius | 1 Bp Profile Shortcodes Extra | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Venutius BP Profile Shortcodes Extra plugin <= 2.5.2 versions. | ||||