Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-37873 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2024-11-21 | N/A | 7.1 HIGH | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. |
| CVE-2023-37830 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. |
| CVE-2023-37829 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notification.message parameter. |
| CVE-2023-37828 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tasktyp parameter. |
| CVE-2023-37827 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the executionBlockName parameter. |
| CVE-2023-37826 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fieldname parameter. |
| CVE-2023-37798 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | N/A | 5.4 MEDIUM | A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter. |
| CVE-2023-37790 | 1 Broadcom | 1 Clarity | 2024-11-21 | N/A | 5.4 MEDIUM | Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function. |
| CVE-2023-37787 | 1 Geeklog | 1 Geeklog | 2024-11-21 | N/A | 4.8 MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php. |
| CVE-2023-37786 | 1 Geeklog | 1 Geeklog | 2024-11-21 | N/A | 4.8 MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settings[backend], Mail Settings[host], Mail Settings[port] and Mail Settings[auth] parameters of the /admin/configuration.php. |
| CVE-2023-37785 | 1 Impresscms | 1 Impresscms | 2024-11-21 | N/A | 4.8 MEDIUM | A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php. |
| CVE-2023-37746 | 1 Phpgurukul | 1 Maid Hiring Management System | 2024-11-21 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component. |
| CVE-2023-37745 | 1 Phpgurukul | 1 Maid Hiring Management System | 2024-11-21 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component. |
| CVE-2023-37744 | 1 Phpgurukul | 1 Maid Hiring Management System | 2024-11-21 | N/A | 6.1 MEDIUM | Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-booking-request.php. |
| CVE-2023-37743 | 1 Phpgurukul | 1 Teacher Subject Allocation System | 2024-11-21 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box. |
| CVE-2023-37742 | 1 Webboss | 1 Webboss.io Cms | 2024-11-21 | N/A | 6.1 MEDIUM | WebBoss.io CMS before v3.7.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2023-37733 | 1 Tduckcloud | 1 Tduck-platform | 2024-11-21 | N/A | 6.1 MEDIUM | An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file. |
| CVE-2023-37728 | 1 Icewarp | 1 Icewarp | 2024-11-21 | N/A | 6.1 MEDIUM | IceWarp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter. |
| CVE-2023-37692 | 1 Octobercms | 1 October | 2024-11-21 | N/A | 5.4 MEDIUM | An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2023-37690 | 1 Phpgurukul | 1 Maid Hiring Management System | 2024-11-21 | N/A | 4.8 MEDIUM | Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page. |
| CVE-2023-37689 | 1 Phpgurukul | 1 Maid Hiring Management System | 2024-11-21 | N/A | 4.8 MEDIUM | Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page. |
| CVE-2023-37688 | 1 Phpgurukul | 1 Maid Hiring Management System | 2024-11-21 | N/A | 4.8 MEDIUM | Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page. |
| CVE-2023-37686 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2024-11-21 | N/A | 4.8 MEDIUM | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal. |
| CVE-2023-37685 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2024-11-21 | N/A | 4.8 MEDIUM | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Page of the Admin portal. |
| CVE-2023-37684 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2024-11-21 | N/A | 4.8 MEDIUM | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Details of the Admin portal. |
| CVE-2023-37683 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2024-11-21 | N/A | 4.8 MEDIUM | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Profile Page of the Admin. |
| CVE-2023-37658 | 1 Fastposter | 1 Fast-poster | 2024-11-21 | N/A | 5.4 MEDIUM | fast-poster v2.15.0 is vulnerable to Cross Site Scripting (XSS). The file upload checks the binary content of the image but does not strictly check the file suffix at /server/fast.py -> ApiUploadHandler.post, which causes stored XSS. |
| CVE-2023-37657 | 1 Lm21 | 1 Twonav | 2024-11-21 | N/A | 5.4 MEDIUM | TwoNav v2.0.28-20230624 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2023-37636 | 1 Webkul | 1 Uvdesk | 2024-11-21 | N/A | 5.4 MEDIUM | A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket. |
| CVE-2023-37630 | 1 Simple Online Piggery Management System Project | 1 Simple Online Piggery Management System | 2024-11-21 | N/A | 6.1 MEDIUM | Online Piggery Management System 1.0 is vulnerable to Cross Site Scripting (XSS). An unauthenticated user can POST JavaScript code to "manage-breed.php" resulting in Persistent XSS. |
| CVE-2023-37625 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 5.4 MEDIUM | A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates. |
| CVE-2023-37623 | 1 Netdisco | 1 Netdisco | 2024-11-21 | N/A | 4.8 MEDIUM | Netdisco before v2.063000 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Web/TypeAhead.pm. |
| CVE-2023-37613 | 1 Assemblysoftware | 1 Trialworks | 2024-11-21 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter. |
| CVE-2023-37611 | 1 Neos | 1 Neos Cms | 2024-11-21 | N/A | 5.4 MEDIUM | Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component. |
| CVE-2023-37602 | 1 Alkacon | 1 Opencms | 2024-11-21 | N/A | 6.1 MEDIUM | An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. |
| CVE-2023-37600 | 1 Mobisystems | 1 Office Suite | 2024-11-21 | N/A | 6.1 MEDIUM | Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /api?path=profile. |
| CVE-2023-37581 | 1 Apache | 1 Roller | 2024-11-21 | N/A | 5.4 MEDIUM | Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.2 and you should disable Roller's File ... |
| CVE-2023-37560 | 1 Elecom | 4 Wrh-300wh-h, Wrh-300wh-h Firmware, Wtc-300hwh and 1 more | 2024-11-21 | N/A | 6.1 MEDIUM | Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. |
| CVE-2023-37539 | 1 Hcltech | 1 Domino | 2024-11-21 | N/A | 8.4 HIGH | The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it. |
| CVE-2023-37538 | 1 Hcltech | 1 Digital Experience | 2024-11-21 | N/A | 9.3 CRITICAL | HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). |