Export limit exceeded: 351119 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45962 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-44986 | 1 Tychesoftwares | 1 Abandoned Cart Lite For Woocommerce | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Abandoned Cart Lite for WooCommerce plugin <= 5.15.2 versions. | ||||
| CVE-2023-44984 | 1 Rewweb | 1 Bbp Style Pack | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin <= 5.6.7 versions. | ||||
| CVE-2023-44954 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions. | ||||
| CVE-2023-44826 | 1 Easycorp | 1 Zentao | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script. | ||||
| CVE-2023-44813 | 1 Moosocial | 1 Moosocial | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. | ||||
| CVE-2023-44812 | 1 Moosocial | 1 Moosocial | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function. | ||||
| CVE-2023-44796 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. | ||||
| CVE-2023-44771 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 5.4 Medium |
| A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout. | ||||
| CVE-2023-44770 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 5.4 Medium |
| A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias. | ||||
| CVE-2023-44769 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 5.4 Medium |
| A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias. | ||||
| CVE-2023-44767 | 1 Ritecms | 1 Ritecms | 2024-11-21 | 4.8 Medium |
| A File upload vulnerability in RiteCMS 3.0 allows a local attacker to upload a SVG file with XSS content. | ||||
| CVE-2023-44766 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 4.8 Medium |
| A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature. | ||||
| CVE-2023-44765 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings. | ||||
| CVE-2023-44764 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings). | ||||
| CVE-2023-44762 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags. | ||||
| CVE-2023-44761 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.4 Medium |
| Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects. | ||||
| CVE-2023-44760 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 4.8 Medium |
| Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature. Also, the exploitation method claimed by "sromanhu" does not provide any access to a Concrete CMS session, because the Concrete CMS session cookie is configured as HttpOnly. | ||||
| CVE-2023-44758 | 1 Gdidees | 1 Gdidees Cms | 2024-11-21 | 5.4 Medium |
| GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title. | ||||
| CVE-2023-44484 | 1 Projectworlds | 1 Online Blood Donation Management System | 2024-11-21 | 6.1 Medium |
| Online Blood Donation Management System v1.0 is vulnerable to a Stored Cross-Site Scripting vulnerability. The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response. | ||||
| CVE-2023-44477 | 1 Boxystudio | 1 Cooked | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Boxy Studio Cooked plugin <= 1.7.13 versions. | ||||