Search Results (45967 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5556 | 1 Structurizr | 1 On-premises Installation | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194. | ||||
| CVE-2023-5547 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 3.3 Low |
| The course upload preview contained an XSS risk for users uploading unsafe data. | ||||
| CVE-2023-5546 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 4.3 Medium |
| ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. | ||||
| CVE-2023-5544 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. | ||||
| CVE-2023-5541 | 1 Moodle | 1 Moodle | 2024-11-21 | 3.3 Low |
| The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. | ||||
| CVE-2023-5530 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 4.8 Medium |
| The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc.; however, the vendor acknowledged and fixed the issue. | ||||
| CVE-2023-5458 | 1 Ashik | 1 Cits Support Svg\, Webp Media And Ttf\,otf File Upload | 2024-11-21 | 5.4 Medium |
| The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin before 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | ||||
| CVE-2023-5452 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2. | ||||
| CVE-2023-5421 | 1 Otrs | 1 Otrs | 2024-11-21 | 3.5 Low |
| An attacker who is logged into OTRS as a user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediately after the data is saved. The issue only occurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34. | ||||
| CVE-2023-5351 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1. | ||||
| CVE-2023-5348 | 1 Multivendorx | 1 Product Catalog Mode For Woocommerce | 2024-11-21 | 6.1 Medium |
| The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users. | ||||
| CVE-2023-5343 | 1 Ays-pro | 1 Popup Box | 2024-11-21 | 4.8 Medium |
| The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | ||||
| CVE-2023-5325 | 1 Levantoan | 1 Woocommerce Vietnam Checkout | 2024-11-21 | 6.1 Medium |
| The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field on the checkout form, leading to XSS. | ||||
| CVE-2023-5323 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp\/crm | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0. | ||||
| CVE-2023-5320 | 2 Phpmyfaq, Thorsten | 2 Phpmyfaq, Phpmyfaq | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | ||||
| CVE-2023-5319 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | ||||
| CVE-2023-5318 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.5 High |
| Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0. | ||||
| CVE-2023-5317 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | ||||
| CVE-2023-5316 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | ||||
| CVE-2023-5305 | 1 Anujk305 | 1 Online Banquet Booking System | 2024-11-21 | 3.5 Low |
| A vulnerability was found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /mail.php of the component Contact Us Page. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-240944. | ||||