Export limit exceeded: 349953 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349953 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45892 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2072 | 1 Rockwellautomation | 2 Powermonitor 1000, Powermonitor 1000 Firmware | 2024-11-21 | 8.8 High |
| The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated user resulting in remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product. | ||||
| CVE-2023-2058 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 2.4 Low |
| A vulnerability was found in EyouCms up to 1.6.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 of the component HTTP POST Request Handler. The manipulation of the argument web_ico leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225943. | ||||
| CVE-2023-2057 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 2.4 Low |
| A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of the argument litpic_loca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225942 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-2044 | 1 Assaabloy | 1 Control Id Idsecure | 2024-11-21 | 3.5 Low |
| A vulnerability has been found in Control iD iDSecure 4.7.29.1 and classified as problematic. This vulnerability affects unknown code of the component Dispositivos Page. The manipulation of the argument IP-DNS leads to cross site scripting. The attack can be initiated remotely. VDB-225922 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-29998 | 1 Gis3w | 1 G3w-suite | 2024-11-21 | 5.4 Medium |
| A Cross-site scripting (XSS) vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter. | ||||
| CVE-2023-29489 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.3 Medium |
| An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31. | ||||
| CVE-2023-29452 | 1 Zabbix | 1 Zabbix | 2024-11-21 | 5.5 Medium |
| Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider. | ||||
| CVE-2023-29441 | 1 Deepsoft | 1 Weblibrarian | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robert Heller WebLibrarian plugin <= 3.5.8.1 versions. | ||||
| CVE-2023-29438 | 1 Simplemodal Contact Form Project | 1 Simplemodal Contact Form | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Martin SimpleModal Contact Form (SMCF) plugin <= 1.2.9 versions. | ||||
| CVE-2023-29437 | 1 Connections-pro | 1 Connections Business Directory | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Steven A. Zahm Connections Business Directory plugin <= 10.4.36 versions. | ||||
| CVE-2023-29436 | 1 Iframe Shortcode Project | 1 Iframe Shortcode | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flyn San IFrame Shortcode plugin <= 1.0.5 versions. | ||||
| CVE-2023-29435 | 1 Zwaply | 1 Cryptocurrency All-in-one | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Zwaply Cryptocurrency All-in-One plugin <= 3.0.19 versions. | ||||
| CVE-2023-29434 | 1 Fancythemes | 1 Optin Forms | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress plugin <= 1.3.1 versions. | ||||
| CVE-2023-29430 | 1 Cththemes | 1 Theroof | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHthemes TheRoof theme <= 1.0.3 versions. | ||||
| CVE-2023-29427 | 1 Tms-outsource | 1 Amelia | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Booking for Appointments and Events Calendar – Amelia plugin <= 1.0.75 versions. | ||||
| CVE-2023-29424 | 1 Plainware | 1 Shiftcontroller | 2024-11-21 | 7.1 High |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plainware ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions. | ||||
| CVE-2023-29423 | 1 Piwebsolution | 1 Cancel Order Request \/ Return Order \/ Repeat Order \/ Reorder For Woocommerce | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Cancel order request / Return order / Repeat Order / Reorder for WooCommerce plugin <= 1.3.2 versions. | ||||
| CVE-2023-29387 | 1 Juliencrego | 1 Manager For Icomoon | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Julien Crego Manager for Icomoon plugin <= 2.0 versions. | ||||
| CVE-2023-29247 | 1 Apache | 1 Airflow | 2024-11-21 | 5.4 Medium |
| Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0. | ||||
| CVE-2023-29171 | 1 Magic-post-thumbnail | 1 Magic Post Thumbnail | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-site Scripting (XSS) vulnerability in Magic Post Thumbnail plugin <= 4.1.10 versions. | ||||