Export limit exceeded: 350768 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45929 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41152 | 1 Webmin | 1 Usermin | 2024-11-21 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the handle program field while creating a new MIME type program. | ||||
| CVE-2023-41150 | 1 F-revocrm | 1 F-revocrm | 2024-11-21 | 5.4 Medium |
| F-RevoCRM 7.3 series prior to version7.3.8 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product. | ||||
| CVE-2023-41137 | 1 Appsanywhere | 1 Appsanywhere Client | 2024-11-21 | 8 High |
| Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server. | ||||
| CVE-2023-41107 | 1 Tef | 1 Tef Portal | 2024-11-21 | 5.4 Medium |
| TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting (XSS)attack. | ||||
| CVE-2023-41098 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit. | ||||
| CVE-2023-41049 | 1 Decentraland | 1 Single Sign On Client | 2024-11-21 | 7.5 High |
| @dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the `init` function allows arbitrary javascript to be executed using the `javascript:` prefix. This vulnerability has been patched on version `0.1.0`. Users are advised to upgrade. Users unable to upgrade should limit untrusted user input to the `init` function. | ||||
| CVE-2023-41030 | 1 Juplink | 2 Rx4-1500, Rx4-1500 Firmware | 2024-11-21 | 6.3 Medium |
| Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user. | ||||
| CVE-2023-41013 | 1 Icewarp | 1 Icewarp | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. | ||||
| CVE-2023-40986 | 1 Webmin | 1 Webmin | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field. | ||||
| CVE-2023-40985 | 1 Webmin | 1 Webmin | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced. | ||||
| CVE-2023-40984 | 1 Webmin | 1 Webmin | 2024-11-21 | 5.4 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file. | ||||
| CVE-2023-40983 | 1 Webmin | 1 Webmin | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file. | ||||
| CVE-2023-40982 | 1 Webmin | 1 Webmin | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter. | ||||
| CVE-2023-40932 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 5.4 Medium |
| A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials. | ||||
| CVE-2023-40877 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter. | ||||
| CVE-2023-40876 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter. | ||||
| CVE-2023-40875 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters. | ||||
| CVE-2023-40874 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters. | ||||
| CVE-2023-40869 | 1 Moosocial | 1 Moosocial | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary code via a crafted script to the edit_menu, copuon, and group_categorias functions. | ||||
| CVE-2023-40851 | 1 User Registration \& Login And User Management System With Admin Panel Project | 1 User Registration \& Login And User Management System With Admin Panel | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to run arbitrary code via fname, lname, email, and contact fields of the user registration page. | ||||