Export limit exceeded: 46020 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46020 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-53936 | 1 Tuzitio | 1 Camaleon Cms | 2026-04-07 | 4.8 Medium |
| Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts into post titles. Attackers can create posts with embedded SVG scripts that execute when other users mouse over the post title, potentially stealing session cookies and executing arbitrary JavaScript. | ||||
| CVE-2023-53932 | 1 S9y | 1 Serendipity | 2026-04-07 | 5.4 Medium |
| Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post. | ||||
| CVE-2023-53931 | 1 Revive-adserver | 2 Adserver, Revive Adserver | 2026-04-07 | 6.1 Medium |
| Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute arbitrary JavaScript when an admin views the page. | ||||
| CVE-2023-53928 | 1 Php-fusion | 1 Phpfusion | 2026-04-07 | 5.4 Medium |
| PHPFusion 9.10.30 contains a stored cross-site scripting vulnerability in the file manager that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload SVG files with script tags that execute arbitrary JavaScript when viewed, potentially stealing user session information or performing client-side attacks. | ||||
| CVE-2023-53927 | 2 Phpjabbers, Simple-cms Project | 2 Simple Cms, Simple Cms | 2026-04-07 | 5.4 Medium |
| PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections, potentially enabling client-side code execution. | ||||
| CVE-2023-53925 | 1 Ulicms | 1 Ulicms | 2026-04-07 | 6.1 Medium |
| UliCMS 2023.1 contains a stored cross-site scripting vulnerability that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the file management interface that execute arbitrary scripts when viewed by other users. | ||||
| CVE-2023-53920 | 1 Podcastgenerator | 1 Podcast Generator | 2026-04-07 | 5.4 Medium |
| PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the podcast title field accessible through the podcast details interface (podcast_details.php). Malicious JavaScript payloads injected into the podcast title execute when users visit the application's home page. | ||||
| CVE-2023-53919 | 1 Podcastgenerator | 1 Podcast Generator | 2026-04-07 | 5.4 Medium |
| PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface (theme_freebox.php). Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page. | ||||
| CVE-2023-53918 | 1 Podcastgenerator | 1 Podcast Generator | 2026-04-07 | 6.1 Medium |
| PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface (episodes_upload.php). Malicious JavaScript payloads injected into episode titles execute when administrators view the episodes list page (episodes_list.php). | ||||
| CVE-2023-53916 | 1 Zenphoto | 1 Zenphoto | 2026-04-07 | 4.6 Medium |
| Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser context. | ||||
| CVE-2023-53915 | 1 Zenphoto | 1 Zenphoto | 2026-04-07 | 4.6 Medium |
| Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field that execute when users view the album page. | ||||
| CVE-2023-53911 | 1 Textpattern | 1 Textpattern | 2026-04-07 | 5.4 Medium |
| Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when the article is viewed by other users. | ||||
| CVE-2023-53910 | 1 Wbce | 1 Wbce Cms | 2026-04-07 | 5.4 Medium |
| WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script content in the content parameter to execute JavaScript when users view the affected page. | ||||
| CVE-2023-53909 | 1 Wbce | 1 Wbce Cms | 2026-04-07 | 5.4 Medium |
| WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the /wbce/modules/elfinder/ef/php/connector.wbce.php endpoint and execute JavaScript when victims access the uploaded file. | ||||
| CVE-2023-53906 | 1 Projectsend | 1 Projectsend | 2026-04-07 | 4.8 Medium |
| projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets section that will execute when other users load the affected page, enabling persistent script injection. | ||||
| CVE-2023-53903 | 1 Websitebaker | 1 Websitebaker | 2026-04-07 | 5.4 Medium |
| WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting attacks. | ||||
| CVE-2023-53900 | 1 Spip | 1 Spip | 2026-04-07 | 8.8 High |
| Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering. | ||||
| CVE-2023-53898 | 1 Rukovoditel | 1 Rukovoditel | 2026-04-07 | 5.4 Medium |
| Rukovoditel 3.4.1 contains a stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert iframe and script payloads in application copyright text to execute arbitrary JavaScript in victim browsers. | ||||
| CVE-2023-53897 | 1 Rukovoditel | 1 Rukovoditel | 2026-04-07 | 5.4 Medium |
| Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim browsers. | ||||
| CVE-2023-53891 | 1 Blackcat-cms | 1 Blackcat Cms | 2026-04-07 | 5.4 Medium |
| Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised page. | ||||