Export limit exceeded: 350771 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45930 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45930 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41153 | 1 Webmin | 1 Usermin | 2024-11-21 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options. | ||||
| CVE-2023-41152 | 1 Webmin | 1 Usermin | 2024-11-21 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the handle program field while creating a new MIME type program. | ||||
| CVE-2023-41150 | 1 F-revocrm | 1 F-revocrm | 2024-11-21 | 5.4 Medium |
| F-RevoCRM 7.3 series prior to version7.3.8 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product. | ||||
| CVE-2023-41137 | 1 Appsanywhere | 1 Appsanywhere Client | 2024-11-21 | 8 High |
| Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server. | ||||
| CVE-2023-41107 | 1 Tef | 1 Tef Portal | 2024-11-21 | 5.4 Medium |
| TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting (XSS)attack. | ||||
| CVE-2023-41098 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit. | ||||
| CVE-2023-41049 | 1 Decentraland | 1 Single Sign On Client | 2024-11-21 | 7.5 High |
| @dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the `init` function allows arbitrary javascript to be executed using the `javascript:` prefix. This vulnerability has been patched on version `0.1.0`. Users are advised to upgrade. Users unable to upgrade should limit untrusted user input to the `init` function. | ||||
| CVE-2023-41030 | 1 Juplink | 2 Rx4-1500, Rx4-1500 Firmware | 2024-11-21 | 6.3 Medium |
| Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user. | ||||
| CVE-2023-41013 | 1 Icewarp | 1 Icewarp | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. | ||||
| CVE-2023-40986 | 1 Webmin | 1 Webmin | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field. | ||||
| CVE-2023-40985 | 1 Webmin | 1 Webmin | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced. | ||||
| CVE-2023-40984 | 1 Webmin | 1 Webmin | 2024-11-21 | 5.4 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file. | ||||
| CVE-2023-40983 | 1 Webmin | 1 Webmin | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file. | ||||
| CVE-2023-40982 | 1 Webmin | 1 Webmin | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter. | ||||
| CVE-2023-40932 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 5.4 Medium |
| A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials. | ||||
| CVE-2023-40877 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter. | ||||
| CVE-2023-40876 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter. | ||||
| CVE-2023-40875 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters. | ||||
| CVE-2023-40874 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters. | ||||
| CVE-2023-40869 | 1 Moosocial | 1 Moosocial | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary code via a crafted script to the edit_menu, copuon, and group_categorias functions. | ||||