Export limit exceeded: 350965 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 350965 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45958 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45958 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41161 | 1 Webmin | 1 Usermin | 2024-11-21 | 5.4 Medium |
| Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key details, Export key, sign key, send to key server page, and fetch from key server page tab. | ||||
| CVE-2023-41160 | 1 Webmin | 1 Usermin | 2024-11-21 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key. | ||||
| CVE-2023-41159 | 1 Webmin | 1 Usermin | 2024-11-21 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML by editing the forward file manually. | ||||
| CVE-2023-41158 | 1 Webmin | 1 Usermin | 2024-11-21 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the description field while creating a new MIME type program. | ||||
| CVE-2023-41157 | 1 Webmin | 1 Usermin | 2024-11-21 | 5.4 Medium |
| Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to manage the folder tab, filter tab, and forward mail tab. | ||||
| CVE-2023-41156 | 1 Webmin | 1 Usermin | 2024-11-21 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter. | ||||
| CVE-2023-41155 | 1 Webmin | 2 Usermin, Webmin | 2024-11-21 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule. | ||||
| CVE-2023-41154 | 1 Webmin | 1 Usermin | 2024-11-21 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter while creating a new environment variable. | ||||
| CVE-2023-41153 | 1 Webmin | 1 Usermin | 2024-11-21 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options. | ||||
| CVE-2023-41152 | 1 Webmin | 1 Usermin | 2024-11-21 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the handle program field while creating a new MIME type program. | ||||
| CVE-2023-41150 | 1 F-revocrm | 1 F-revocrm | 2024-11-21 | 5.4 Medium |
| F-RevoCRM 7.3 series prior to version7.3.8 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product. | ||||
| CVE-2023-41137 | 1 Appsanywhere | 1 Appsanywhere Client | 2024-11-21 | 8 High |
| Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server. | ||||
| CVE-2023-41107 | 1 Tef | 1 Tef Portal | 2024-11-21 | 5.4 Medium |
| TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting (XSS)attack. | ||||
| CVE-2023-41098 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit. | ||||
| CVE-2023-41049 | 1 Decentraland | 1 Single Sign On Client | 2024-11-21 | 7.5 High |
| @dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the `init` function allows arbitrary javascript to be executed using the `javascript:` prefix. This vulnerability has been patched on version `0.1.0`. Users are advised to upgrade. Users unable to upgrade should limit untrusted user input to the `init` function. | ||||
| CVE-2023-41030 | 1 Juplink | 2 Rx4-1500, Rx4-1500 Firmware | 2024-11-21 | 6.3 Medium |
| Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user. | ||||
| CVE-2023-41013 | 1 Icewarp | 1 Icewarp | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. | ||||
| CVE-2023-40986 | 1 Webmin | 1 Webmin | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field. | ||||
| CVE-2023-40985 | 1 Webmin | 1 Webmin | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced. | ||||
| CVE-2023-40984 | 1 Webmin | 1 Webmin | 2024-11-21 | 5.4 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file. | ||||