Export limit exceeded: 350469 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45914 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45914 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39175 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.6 Medium |
| In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible | ||||
| CVE-2023-39164 | 1 Amitzy | 1 Molongui | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Molongui Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors – Molongui plugin <= 4.6.19 versions. | ||||
| CVE-2023-39162 | 1 Xlplugins | 1 Woo-confirmation-email | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XLPlugins User Email Verification for WooCommerce plugin <= 3.5.0 versions. | ||||
| CVE-2023-39151 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 5.4 Medium |
| Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents. | ||||
| CVE-2023-39097 | 1 Webboss | 1 Webboss.io Cms | 2024-11-21 | 5.4 Medium |
| WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) vulnerability. | ||||
| CVE-2023-39096 | 1 Webboss | 1 Webboss.io Cms | 2024-11-21 | 5.4 Medium |
| WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) vulnerability due to lack of input validation and output encoding. | ||||
| CVE-2023-39094 | 1 Zerowdd | 1 Studentmanager | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in ZeroWdd studentmanager v.1.0 allows a remote attacker to execute arbitrary code via the username parameter in the student list function. | ||||
| CVE-2023-39067 | 1 Zlmediakit | 1 Zlmediakit | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in ZLMediaKiet v.4.0 and v.5.0 allows an attacker to execute arbitrary code via a crafted script to the URL. | ||||
| CVE-2023-39062 | 1 Html2pdf Project | 1 Html2pdf | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php. | ||||
| CVE-2023-39007 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 9.6 Critical |
| /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php. | ||||
| CVE-2023-39006 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 5.4 Medium |
| The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization. | ||||
| CVE-2023-39002 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2023-39000 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL path. | ||||
| CVE-2023-38974 | 1 Uatech | 1 Badaso | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. | ||||
| CVE-2023-38973 | 1 Uatech | 1 Badaso | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. | ||||
| CVE-2023-38971 | 1 Uatech | 1 Badaso | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function. | ||||
| CVE-2023-38970 | 1 Uatech | 1 Badaso | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the Name of member parameter in the add new member function. | ||||
| CVE-2023-38969 | 1 Uatech | 1 Badaso | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book function. | ||||
| CVE-2023-38964 | 1 Creativeitem | 1 Academy Lms | 2024-11-21 | 6.1 Medium |
| Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2023-38911 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 5.4 Medium |
| A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields. | ||||