Export limit exceeded: 351148 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351148 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45965 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47575 | 1 Relyum | 4 Rely-pcie, Rely-pcie Firmware, Rely-rec and 1 more | 2024-11-21 | 6.1 Medium |
| An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. The web interfaces of the Relyum devices are susceptible to reflected XSS. | ||||
| CVE-2023-47561 | 1 Qnap | 1 Photo Station | 2024-11-21 | 5.5 Medium |
| A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later | ||||
| CVE-2023-47520 | 1 Michaeluno | 1 Responsive Column Widgets | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Uno (miunosoft) Responsive Column Widgets plugin <= 1.2.7 versions. | ||||
| CVE-2023-47518 | 1 Vfbpro | 1 Restrict Categories | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Matthew Muro Restrict Categories plugin <= 2.6.4 versions. | ||||
| CVE-2023-47514 | 1 Star-emea | 1 Star Cloudprnt For Woocommerce | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in lawrenceowen, gcubero, acunnningham, fmahmood Star CloudPRNT for WooCommerce plugin <= 2.0.3 versions. | ||||
| CVE-2023-47509 | 1 Ioannup | 1 Edit Woocommerce Templates | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ioannup Edit WooCommerce Templates plugin <= 1.1.1 versions. | ||||
| CVE-2023-47508 | 1 Averta | 1 Master Slider | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Averta Master Slider Pro plugin <= 3.6.5 versions. | ||||
| CVE-2023-47446 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2024-11-21 | 5.4 Medium |
| Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page via fullname parameter. | ||||
| CVE-2023-47437 | 1 Pachno | 1 Pachno | 2024-11-21 | 5.4 Medium |
| A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious java script. | ||||
| CVE-2023-47417 | 1 Paulrouget | 1 Dzslides | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in the component /shells/embedder.html of DZSlides after v2011.07.25 allows attackers to execute arbitrary code via a crafted payload. | ||||
| CVE-2023-47380 | 1 Admidio | 1 Admidio | 2024-11-21 | 6.1 Medium |
| Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2023-47379 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.4 Medium |
| Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality. | ||||
| CVE-2023-47324 | 1 Silverpeas | 1 Silverpeas | 2024-11-21 | 5.4 Medium |
| Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature. | ||||
| CVE-2023-47315 | 1 H-mdm | 1 Headwind Mdm | 2024-11-21 | 8.8 High |
| Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on Git Hub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens. | ||||
| CVE-2023-47314 | 1 H-mdm | 1 Headwind Mdm | 2024-11-21 | 5.4 Medium |
| Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting (XSS). The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files with the victims. As the file download function returns the file in inline mode, the victim’s browser will immediately render the content of the HTML file as a web page. As a result, the uploaded client-side code will be evaluated and executed in the victim’s browser, allowing attackers to perform common XSS attacks. | ||||
| CVE-2023-47309 | 1 Nukium | 1 Gls | 2024-11-21 | 5.4 Medium |
| Nukium nkmgls before version 3.0.2 is vulnerable to Cross Site Scripting (XSS) via NkmGlsCheckoutModuleFrontController::displayAjaxSavePhoneMobile. | ||||
| CVE-2023-47272 | 3 Debian, Fedoraproject, Roundcube | 3 Debian Linux, Fedora, Webmail | 2024-11-21 | 6.1 Medium |
| Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). | ||||
| CVE-2023-47260 | 1 Redmine | 1 Redmine | 2024-11-21 | 6.1 Medium |
| Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails. | ||||
| CVE-2023-47259 | 1 Redmine | 1 Redmine | 2024-11-21 | 6.1 Medium |
| Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter. | ||||
| CVE-2023-47258 | 1 Redmine | 1 Redmine | 2024-11-21 | 6.1 Medium |
| Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter. | ||||