Export limit exceeded: 46043 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46043 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46282 | 1 Siemens | 4 Opcenter Quality, Simatic Pcs Neo, Sinumerik Integrate Runmyhmi \/automotive and 1 more | 2025-01-14 | 7.1 High |
| A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user. | ||||
| CVE-2023-28347 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-13 | 9.6 Critical |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a proof-of-concept script that functions similarly to a Student Console, providing unauthenticated attackers with the ability to exploit XSS vulnerabilities within the Teacher Console application and achieve remote code execution as NT AUTHORITY/SYSTEM on all connected Student Consoles and the Teacher Console in a Zero Click manner. | ||||
| CVE-2023-28350 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-13 | 6.1 Medium |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. Attacker-supplied input is not validated/sanitized before being rendered in both the Teacher and Student Console applications, enabling an attacker to execute JavaScript in these applications. Due to the rich and highly privileged functionality offered by the Teacher Console, the ability to silently exploit Cross Site Scripting (XSS) on the Teacher Machine enables remote code execution on any connected student machine (and the teacher's machine). | ||||
| CVE-2022-36244 | 1 Shopbeat | 1 Shop Beat Media Player | 2025-01-13 | 5.4 Medium |
| Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 suffers from Multiple Stored Cross-Site Scripting (XSS) vulnerabilities via Shop Beat Control Panel found at www.shopbeat.co.za controlpanel.shopbeat.co.za. | ||||
| CVE-2023-2954 | 1 Djangoblog Project | 1 Djangoblog | 2025-01-13 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository liangliangyy/djangoblog prior to master. | ||||
| CVE-2023-32072 | 1 Enalean | 1 Tuleap | 2025-01-13 | 4.8 Medium |
| Tuleap is an open source tool for end to end traceability of application and system developments. Tuleap Community Edition prior to version 14.8.99.60 and Tuleap Enterprise edition prior to 14.8-3 and 14.7-7, the logs of the triggered Jenkins job URLs are not properly escaped. A malicious Git administrator can setup a malicious Jenkins hook to make a victim, also a Git administrator, execute uncontrolled code. Tuleap Community Edition 14.8.99.60, Tuleap Enterprise Edition 14.8-3, and Tuleap Enterprise Edition 14.7-7 contain a patch for this issue. | ||||
| CVE-2023-31184 | 1 Rozcom | 1 Rozcom Client | 2025-01-13 | 6.2 Medium |
| ROZCOM client CWE-798: Use of Hard-coded Credentials | ||||
| CVE-2023-29101 | 1 Muffingroup | 1 Betheme | 2025-01-13 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Muffingroup Betheme theme <= 26.7.5 versions. | ||||
| CVE-2022-40697 | 1 3commarketing | 1 3com-asesor-de-cookies | 2025-01-13 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 3com – Asesor de Cookies para normativa española plugin <= 3.4.3 versions. | ||||
| CVE-2023-22721 | 1 Oi Yandex.maps Project | 1 Oi Yandex.maps | 2025-01-13 | 6.5 Medium |
| Auth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for WordPress <= 3.2.7 versions. | ||||
| CVE-2023-23687 | 1 Youtube Shortcode Project | 1 Youtube Shortcode | 2025-01-13 | 6.5 Medium |
| Auth. Stored Cross-Site Scripting (XSS) vulnerability in Youtube shortcode <= 1.8.5 versions. | ||||
| CVE-2022-29416 | 1 Afterpay | 1 Afterpay Gateway For Woocommerce | 2025-01-13 | 4.7 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Afterpay Gateway for WooCommerce <= 3.5.0 versions. | ||||
| CVE-2022-37402 | 1 Afsanalytics | 1 Afs Analytics | 2025-01-13 | 4.8 Medium |
| Stored Cross-site Scripting (XSS) vulnerability in AFS Analytics plugin <= 4.18 versions. | ||||
| CVE-2022-38971 | 1 Themekraft | 1 Post Form Registration Form Profile Form For User Profiles And Content Forms | 2025-01-13 | 4.7 Medium |
| Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions. | ||||
| CVE-2022-40699 | 1 Yasr - Yet Another Stars Rating Project | 1 Yasr - Yet Another Stars Rating | 2025-01-13 | 5.4 Medium |
| Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr – Yet Another Stars Rating plugin <= 3.1.2 versions. | ||||
| CVE-2022-41554 | 1 Slideshow Se Project | 1 Slideshow Se | 2025-01-13 | 4.8 Medium |
| Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow SE plugin <= 2.5.5 versions. | ||||
| CVE-2022-43461 | 1 Slideshow Se Project | 1 Slideshow Se | 2025-01-13 | 4.8 Medium |
| Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow SE plugin <= 2.5.5 versions. | ||||
| CVE-2022-45817 | 1 Gc Testimonials Project | 1 Gc Testimonials | 2025-01-13 | 5.4 Medium |
| Cross-Site Scripting (XSS) vulnerability in Erin Garscadden GC Testimonials plugin <= 1.3.2 versions. | ||||
| CVE-2023-25795 | 1 Wp-master | 1 Feed Changer \& Remover | 2025-01-13 | 5.9 Medium |
| Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-master.Ir Feed Changer & Remover plugin <= 0.2 versions. | ||||
| CVE-2023-25794 | 1 Nooz Project | 1 Nooz | 2025-01-13 | 5.9 Medium |
| Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mighty Digital Nooz plugin <= 1.6.0 versions. | ||||