Search Results (46093 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-1875 1 Phpmyfaq 1 Phpmyfaq 2025-02-04 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-30788 1 Monicahq 1 Monica 2025-02-04 5.4 Medium
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people/add` endpoint and nickName, description, lastName, middleName and firstName parameter.
CVE-2022-45291 1 Pwsdashboard 1 Personal Weather Station Dashboard 2025-02-04 7.2 High
PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_easyweathersetup.php endpoints. A contributing factor is a hardcoded login password of support, which is not documented. (This is not the same as the documented setup password, which is 12345.) The issue was fixed in late 2022.
CVE-2023-51544 1 Metagauss 1 Registrationmagic 2025-02-04 5.3 Medium
Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic allows Functionality Misuse. This issue affects RegistrationMagic: from n/a through 5.2.5.0.
CVE-2025-0844 1 Needyamin 1 Library Card System 2025-02-04 4.3 Medium
A vulnerability was found in needyamin Library Card System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file signup.php of the component Registration Page. The manipulation of the argument firstname/lastname/email/borrow/user_address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2023-29848 1 Hockeycomputindo 1 Bang Resto 2025-02-04 4.8 Medium
Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function.
CVE-2023-26061 1 Nokia 1 Netact 2025-02-04 6.8 Medium
An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.
CVE-2023-26059 1 Nokia 1 Netact 2025-02-04 6.8 Medium
An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zone behind a perimeter firewall and without exposure to the internet. The attack can only be performed by an internal user.
CVE-2023-25347 1 Churchcrm 1 Churchcrm 2025-02-04 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the "Title" Input Field in EventEditor.php.
CVE-2023-25314 1 Wwbn 1 Avideo 2025-02-04 6.1 Medium
Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user.
CVE-2022-28354 1 Mybb 1 Active Threads 2025-02-04 6.1 Medium
In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period.
CVE-2024-47984 1 Dell 1 Recoverpoint For Virtual Machines 2025-02-04 4.4 Medium
Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. A User with Remote access could potentially exploit this vulnerability, leading to the disruption of most functionalities of the RPA persistent after reboot, resulting in need of technical support intervention in getting system back to stable state.
CVE-2024-29960 1 Broadcom 1 Brocade Sannav 2025-02-04 6.8 Medium
In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SANnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.
CVE-2024-29963 1 Broadcom 1 Brocade Sannav 2025-02-04 1.9 Low
Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries.
CVE-2024-29966 1 Broadcom 1 Brocade Sannav 2025-02-04 7.5 High
Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance.
CVE-2024-43317 1 Metagauss 1 Registrationmagic 2025-02-04 4.3 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Metagauss User Registration Team RegistrationMagic allows Cross-Site Scripting (XSS). This issue affects RegistrationMagic: from n/a through 6.0.1.0.
CVE-2024-5460 1 Broadcom 1 Fabric Operating System 2025-02-04 8.1 High
A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 1 queries to an affected device.
CVE-2023-26843 1 Churchcrm 1 Churchcrm 2025-02-04 5.4 Medium
A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php.
CVE-2024-48893 1 Fortinet 1 Fortisoar 2025-02-03 6.4 Medium
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via the creation of malicious playbook.
CVE-2024-52967 1 Fortinet 1 Fortiportal 2025-02-03 3.3 Low
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via html injection.