Search Results (45864 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1363 | 1 Computer Parts Sales And Inventory System Project | 1 Computer Parts Sales And Inventory System | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add User Account. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222870 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-1356 | 1 Idattend | 1 Idweb | 2024-11-21 | 7.5 High |
| Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link. | ||||
| CVE-2023-1354 | 1 Design And Implementation Of Covid-19 Directory On Vaccination System Project | 1 Design And Implementation Of Covid-19 Directory On Vaccination System | 2024-11-21 | 3.5 Low |
| A vulnerability has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file register.php. The manipulation of the argument txtfullname/txtage/txtaddress/txtphone leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222853 was assigned to this vulnerability. | ||||
| CVE-2023-1349 | 1 Hsycms | 1 Hsycms | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in Hsycms 3.1. Affected by this issue is some unknown functionality of the file controller\cate.php of the component Add Category Module. The manipulation of the argument title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222842 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-1302 | 1 File Tracker Manager System Project | 1 File Tracker Management System | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester File Tracker Manager System 1.0. This affects an unknown part of the file normal/borrow1.php. The manipulation of the argument id with the input 1"><script>alert(1111)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222663. | ||||
| CVE-2023-1275 | 1 Phone Shop Sales Managements System Project | 1 Phone Shop Sales Managements System | 2024-11-21 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. This vulnerability affects unknown code of the file /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php of the component CAPTCHA Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222598 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-1270 | 1 Btcpayserver | 1 Btcpayserver | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting in GitHub repository btcpayserver/btcpayserver prior to 1.8.3. | ||||
| CVE-2023-1254 | 1 Health Center Patient Record Management System Project | 1 Health Center Patient Record Management System | 2024-11-21 | 3.5 Low |
| A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file birthing_print.php. The manipulation of the argument birth_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222484. | ||||
| CVE-2023-1200 | 1 Ehuacui-bbs Project | 1 Ehuacui-bbs | 2024-11-21 | 3.5 Low |
| A vulnerability was found in ehuacui bbs. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-222388. | ||||
| CVE-2023-1179 | 1 Computer Parts Sales And Inventory System Project | 1 Computer Parts Sales And Inventory System | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add Supplier Handler. The manipulation of the argument company_name/province/city/phone_number leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222330 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-1156 | 1 Health Center Patient Record Management System Project | 1 Health Center Patient Record Management System | 2024-11-21 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Health Center Patient Record Management System 1.0. This vulnerability affects unknown code of the file admin/fecalysis_form.php. The manipulation of the argument itr_no leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222220. | ||||
| CVE-2023-1111 | | | 2024-11-21 | 2.4 Low |
| A vulnerability was found in FastCMS up to 0.1.5 and classified as problematic. Affected by this issue is some unknown functionality of the component New Article Tab. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-266126 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-1081 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. | ||||
| CVE-2023-0966 | 1 Oretnom23 | 1 Online Eyewear Shop | 2024-11-21 | 2.4 Low |
| A vulnerability classified as problematic was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=orders/view_order. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221635. | ||||
| CVE-2023-0945 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Best POS Management System 1.0. Affected is an unknown function of the file index.php?page=add-category. The manipulation of the argument Name with the input "><img src=x onerror=prompt(document.domain);> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221592. | ||||
| CVE-2023-0902 | 1 Simple Food Ordering System Project | 1 Simple Food Ordering System | 2024-11-21 | 3.5 Low |
| A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451. | ||||
| CVE-2023-0869 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | 5.8 Medium |
| Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | ||||
| CVE-2023-0868 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | 6.7 Medium |
| Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | ||||
| CVE-2023-0867 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | 6.7 Medium |
| Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | ||||
| CVE-2023-0846 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | 6.7 Medium |
| Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and Meridian could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | ||||