Search Results (45963 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46126 | 1 Ethyca | 1 Fides | 2024-11-21 | 3.9 Low |
| Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability makes it possible to craft a payload in the privacy policy URL which triggers JavaScript execution when the privacy notice is served by an integrated website. The domain scope of the executed JavaScript is that of the integrated website. Exploitation is limited to Admin UI users with the contributor role or higher. The vulnerability has been patched in Fides version `2.22.1`. | ||||
| CVE-2023-46102 | 1 Boschrexroth | 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more | 2024-11-21 | 8.8 High |
| The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol built on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric key that can be retrieved by reversing both the Android Client application and the server-side web application. This issue allows an attacker able to control a malicious MQTT broker on the same subnet as the device to craft malicious messages and send them to the HMI device, executing arbitrary commands on the device itself. | ||||
| CVE-2023-46074 | 1 Borbis | 1 Freshmail For Wordpress | 2024-11-21 | 5.8 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Borbis Media FreshMail For WordPress plugin <= 2.3.2 versions. | ||||
| CVE-2023-46068 | 1 Maileon | 1 Maileon | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XQueue GmbH Maileon for WordPress plugin <= 2.16.0 versions. | ||||
| CVE-2023-46059 | 1 Geeklog | 1 Geeklog | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component. | ||||
| CVE-2023-46058 | 1 Geeklog | 1 Geeklog | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the grp_desc parameter of the admin/group.php component. | ||||
| CVE-2023-46054 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component. | ||||
| CVE-2023-46040 | 1 Get-simple | 1 Getsimplecms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the components.php function. | ||||
| CVE-2023-46026 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the 'adminname' and 'email' parameters. | ||||
| CVE-2023-46020 | 1 Code-projects | 1 Blood Bank | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in updateprofile.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'rename', 'remail', 'rphone' and 'rcity' parameters. | ||||
| CVE-2023-46019 | 1 Code-projects | 1 Blood Bank | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'error' parameter. | ||||
| CVE-2023-46016 | 1 Code-projects | 1 Blood Bank | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'search' parameter in the application URL. | ||||
| CVE-2023-46015 | 1 Code-projects | 1 Blood Bank | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'msg' parameter in the application URL. | ||||
| CVE-2023-46003 | 1 I-doit | 1 I-doit | 2024-11-21 | 5.4 Medium |
| I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php. | ||||
| CVE-2023-45998 | 1 Kodcloud | 1 Kodbox | 2024-11-21 | 5.4 Medium |
| kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing global HTML results in stored XSS. | ||||
| CVE-2023-45992 | 1 Commscope | 1 Ruckus Cloudpath Enrollment System | 2024-11-21 | 9.6 Critical |
| A vulnerability in the web-based interface of the RUCKUS Cloudpath product in version 5.12 build 5538 or before could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system. | ||||
| CVE-2023-45958 | 1 Thirtybees | 1 Thirty Bees | 2024-11-21 | 6.1 Medium |
| Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backup_pagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload. | ||||
| CVE-2023-45957 | 1 Thirtybees | 1 Thirty Bees | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e->getMessage() error mishandling. | ||||
| CVE-2023-45885 | 1 Nasa | 1 Openmct | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin. | ||||
| CVE-2023-45881 | 1 Gibbonedu | 1 Gibbon | 2024-11-21 | 6.1 Medium |
| GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. The imageAsLinks parameter must be set to Y to return HTML code. The filename attribute of the bodyfile1 parameter is reflected in the response. | ||||