Export limit exceeded: 46048 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46048 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2660 | 1 Oretnom23 | 1 Online Computer And Laptop Store | 2025-01-24 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_categories.php. The manipulation of the argument c leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228802 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-29029 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2025-01-24 | 4.7 Medium |
| A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. | ||||
| CVE-2023-29028 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2025-01-24 | 4.7 Medium |
| A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. | ||||
| CVE-2023-29027 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2025-01-24 | 4.7 Medium |
| A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. | ||||
| CVE-2023-29026 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2025-01-24 | 4.7 Medium |
| A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. | ||||
| CVE-2023-29022 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2025-01-24 | 4.7 Medium |
| A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. | ||||
| CVE-2024-3140 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-01-24 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file /classes/Users.php?f=save. The manipulation of the argument middlename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258915. | ||||
| CVE-2023-29983 | 1 Companymaps Project | 1 Companymaps | 2025-01-24 | 5.4 Medium |
| Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8.0 allows a remote attacker to execute arbitrary code via the auditlog tab in the admin panel. | ||||
| CVE-2023-29808 | 1 Companymaps Project | 1 Companymaps | 2025-01-24 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) 8.0 allows attackers to execute arbitrary code. | ||||
| CVE-2023-28520 | 1 Ibm | 1 Planning Analytics Local | 2025-01-24 | 6.4 Medium |
| IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454. | ||||
| CVE-2023-32984 | 1 Jenkins | 1 Testng Results | 2025-01-23 | 5.4 Medium |
| Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file. | ||||
| CVE-2024-1883 | 4 Apple, Linux, Microsoft and 1 more | 5 Macos, Linux Kernel, Windows and 2 more | 2025-01-23 | 6.3 Medium |
| This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of confidentiality, integrity or availability. | ||||
| CVE-2023-30124 | 1 Lavalite | 1 Lavalite | 2025-01-23 | 5.4 Medium |
| LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2023-31544 | 1 Alkacon | 1 Opencms | 2025-01-23 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module. | ||||
| CVE-2023-46596 | 1 Algosec | 1 Fireflow | 2025-01-23 | 5.1 Medium |
| Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version A32.20 (b600 and above), A32.50 (b430 and above), A32.60 (b250 and above) | ||||
| CVE-2023-4539 | 1 Comarch | 1 Erp Xl | 2025-01-23 | 7.5 High |
| Use of a hard-coded password for a special database account created during Comarch ERP XL installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Comarch ERP XL installations. This issue affects ERP XL: from 2020.2.2 through 2023.2. | ||||
| CVE-2023-33007 | 1 Jenkins | 1 Loadcomplete Support | 2025-01-23 | 5.4 Medium |
| Jenkins LoadComplete support Plugin 1.0 and earlier does not escape the LoadComplete test name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2023-33002 | 1 Jenkins | 1 Testcomplete Support | 2025-01-23 | 5.4 Medium |
| Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2023-32977 | 2 Jenkins, Redhat | 3 Pipeline\, Ocp Tools, Openshift | 2025-01-23 | 5.4 Medium |
| Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately. | ||||
| CVE-2023-30452 | 1 Morosystems | 1 Easymind | 2025-01-23 | 5.4 Medium |
| The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluence allows persistent XSS when saving a Mind Map with the hyperlink parameter. | ||||