Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3659 | 1 Oretnom23 | 1 Ac Repair And Services System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/?page=user/manage_user. The manipulation of the argument firstname/middlename leads to cross site scripting. The attack can be launched remotely. The identifier VDB-234013 was assigned to this vulnerability.
|
|||||
| CVE-2023-3653 | 1 Digital-ant | 1 Digital Ant | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Stored XSS.This issue affects E-Commerce Software: before 11.
|
|||||
| CVE-2023-3642 | 1 Gzscripts | 1 Vacation Rental Website | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in GZ Scripts Vacation Rental Website 1.8 and classified as problematic. Affected by this issue is some unknown functionality of the file /VacationRentalWebsite/property/8/ad-has-principes/ of the component HTTP POST Request Handler. The manipulation of the argument username/title/comment leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233888.
|
|||||
| CVE-2023-3641 | 1 Nodcms | 1 Nodcms | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability has been found in khodakhah NodCMS 3.4.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /en/blog-comment-4 of the component POST Request Handler. The manipulation of the argument comment_name/comment_content leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233887.
|
|||||
| CVE-2023-3620 | 1 Tarteaucitron | 1 Tarteaucitron | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository amauric/tarteaucitron.js prior to v1.13.1.
|
|||||
| CVE-2023-3588 | 1 3ds | 1 Teamwork Cloud No Magic Release | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code.
|
|||||
| CVE-2023-3565 | 1 Teampass | 1 Teampass | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
|
|||||
| CVE-2023-3564 | 1 Gzscripts | 1 Gz Multi Hotel Booking System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in GZ Scripts GZ Multi Hotel Booking System 1.8. It has been classified as problematic. Affected is an unknown function of the file /index.php. The manipulation of the argument adults/children/cal_id leads to cross site scripting. It is possible to launch the attack remotely. VDB-233358 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-3563 | 1 Gzscripts | 1 Gz E Learning Platform | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in GZ Scripts GZ E Learning Platform 1.8 and classified as problematic. This issue affects some unknown processing of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-233357 was assigned to this vulnerability.
|
|||||
| CVE-2023-3562 | 1 Gzscripts | 1 Php Crm Platform | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-233356. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-3561 | 1 Gzscripts | 1 Php Gz Hotel Booking Script | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in GZ Scripts PHP GZ Hotel Booking Script 1.8. This affects an unknown part of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-233355. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-3560 | 1 Gzscripts | 1 Ticket Booking Script | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, has been found in GZ Scripts Ticket Booking Script 1.8. Affected by this issue is some unknown functionality of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack may be launched remotely. VDB-233354 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-3559 | 1 Gzscripts | 1 Php Gz Appointment Scheduling Script | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic was found in GZ Scripts PHP GZ Appointment Scheduling Script 1.8. Affected by this vulnerability is an unknown functionality of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack can be launched remotely. The identifier VDB-233353 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-3558 | 1 Gzscripts | 1 Event Booking Calendar | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic has been found in GZ Scripts Event Booking Calendar 1.8. Affected is an unknown function of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-233352. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-3557 | 1 Gzscripts | 1 Property Listing Script | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in GZ Scripts Property Listing Script 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /preview.php. The manipulation of the argument page/layout/sort_by leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-233351. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-3556 | 1 Gzscripts | 1 Car Listing Script Php | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in GZ Scripts Car Listing Script PHP 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file /preview.php. The manipulation of the argument page/sort_by leads to cross site scripting. The attack can be initiated remotely. VDB-233350 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-3555 | 1 Gzscripts | 1 Php Vacation Rental Script | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in GZ Scripts PHP Vacation Rental Script 1.8. It has been classified as problematic. This affects an unknown part of the file /preview.php. The manipulation of the argument page/layout/sort_by/property_id leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-233349 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-3554 | 1 Gzscripts | 1 Gz Forum Script | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in GZ Scripts GZ Forum Script 1.8 and classified as problematic. Affected by this issue is some unknown functionality of the file /preview.php. The manipulation of the argument catid/topicid/topic/topic_message/free_name leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233348. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-3544 | 1 Gzscripts | 1 Time Slot Booking Calendar Php | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in GZ Scripts Time Slot Booking Calendar PHP 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-233296. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-3543 | 1 Gzscripts | 1 Availability Booking Calendar Php | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.8. It has been classified as problematic. This affects an unknown part of the file load.php of the component HTTP POST Request Handler. The manipulation of the argument cid/first_name/second_name/address_1/country leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-233295. NOTE: The vendor was contacted early about this disclosure but did n ...
Show More |
|||||
| CVE-2023-3542 | 1 Thinutech | 1 Thinu-cms | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument name/body leads to cross site scripting. The attack may be launched remotely. VDB-233294 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-3541 | 1 Thinutech | 1 Thinu-cms | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability has been found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /author_posts.php. The manipulation of the argument author with the input g6g12<script>alert(1)</script>o8sdm leads to cross site scripting. The attack can be launched remotely. The identifier VDB-233293 was assigned to this vulnerability.
|
|||||
| CVE-2023-3540 | 1 Simplephpscripts | 1 Newsletter Script Php | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in SimplePHPscripts NewsLetter Script PHP 2.4. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-233292.
|
|||||
| CVE-2023-3539 | 1 Simplephpscripts | 1 Simple Forum Php | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, has been found in SimplePHPscripts Simple Forum PHP 2.7. This issue affects some unknown processing of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-233291.
|
|||||
| CVE-2023-3538 | 1 Simplephpscripts | 1 Photo Gallery Php | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic was found in SimplePHPscripts Photo Gallery PHP 2.0. This vulnerability affects unknown code of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-233290 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-3537 | 1 Simplephpscripts | 1 News Script Php Pro | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic has been found in SimplePHPscripts News Script PHP Pro 2.4. This affects an unknown part of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-233289 was assigned to this vulnerability.
|
|||||
| CVE-2023-3536 | 1 Simplephpscripts | 1 Funeral Script Php | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in SimplePHPscripts Funeral Script PHP 3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233288.
|
|||||
| CVE-2023-3535 | 1 Simplephpscripts | 1 Faq Script Php | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in SimplePHPscripts FAQ Script PHP 2.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233287.
|
|||||
| CVE-2023-3532 | 1 Getoutline | 1 Outline | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to 0.70.1.
|
|||||
| CVE-2023-3531 | 1 Teampass | 1 Teampass | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
|
|||||
| CVE-2023-3526 | 1 Phoenixcontact | 14 Cloud Client 1101t-tx, Cloud Client 1101t-tx Firmware, Tc Cloud Client 1002-4g and 11 more | 2024-11-21 | N/A | 9.6 CRITICAL |
|
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.
|
|||||
| CVE-2023-3521 | 1 Fossbilling | 1 Fossbilling | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4.
|
|||||
| CVE-2023-3506 | 1 Activeitzone | 1 Active Ecommerce Cms | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in Active It Zone Active eCommerce CMS 6.5.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ecommerce/support_ticket of the component Create Ticket Page. The manipulation of the argument details with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. VDB-232954 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but d ...
Show More |
|||||
| CVE-2023-3505 | 1 Onesttech | 1 Onest Customer Relation Management System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in Onest CRM 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/project/update/2 of the component Project List Handler. The manipulation of the argument name with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-232953 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-3500 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.8 MEDIUM |
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A reflected XSS was possible when creating specific PlantUML diagrams that allowed the attacker to perform arbitrary actions on behalf of victims.
|
|||||
| CVE-2023-3481 | 1 Google | 1 Critters | 2024-11-21 | N/A | 5.7 MEDIUM |
|
Critters versions 0.0.17-0.0.19 have an issue when parsing the HTML, which leads to a potential cross-site scripting (XSS) bug. We recommend upgrading to version 0.0.20 of the extension.
|
|||||
| CVE-2023-3479 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.
|
|||||
| CVE-2023-3477 | 1 Rocketsoft | 1 Rocket Lms | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been declared as problematic. This vulnerability affects unknown code of the file /contact/store of the component Contact Form. The manipulation of the argument name/subject/message leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-232756.
|
|||||
| CVE-2023-3476 | 1 Simplephpscripts | 1 Guestbook Script | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It has been classified as problematic. This affects an unknown part of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232755.
|
|||||
| CVE-2023-3475 | 1 Simplephpscripts | 1 Event Script | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in SimplePHPscripts Event Script 2.1 and classified as problematic. Affected by this issue is some unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. It is recommended to upgrade the affected component. VDB-232754 is the identifier assigned to this vulnerability.
|
|||||