Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1239 | 1 Answer | 1 Answer | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6.
|
|||||
| CVE-2023-1238 | 1 Answer | 1 Answer | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
|
|||||
| CVE-2023-1237 | 1 Answer | 1 Answer | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
|
|||||
| CVE-2023-1212 | 1 Phpipam | 1 Phpipam | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2.
|
|||||
| CVE-2023-1209 | 1 Servicenow | 1 Servicenow | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.
|
|||||
| CVE-2023-1200 | 1 Ehuacui-bbs Project | 1 Ehuacui-bbs | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in ehuacui bbs. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-222388.
|
|||||
| CVE-2023-1197 | 1 Uvdesk | 1 Community-skeleton | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0.
|
|||||
| CVE-2023-1181 | 1 Easyimages2.0 Project | 1 Easyimages2.0 | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyimages2.0 prior to 2.6.7.
|
|||||
| CVE-2023-1180 | 1 Health Center Patient Record Management System Project | 1 Health Center Patient Record Management System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file hematology_print.php. The manipulation of the argument hem_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222331.
|
|||||
| CVE-2023-1179 | 1 Computer Parts Sales And Inventory System Project | 1 Computer Parts Sales And Inventory System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add Supplier Handler. The manipulation of the argument company_name/province/city/phone_number leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222330 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-1159 | 1 Booking-wp-plugin | 1 Bookly | 2024-11-21 | N/A | 4.0 MEDIUM |
|
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
|
|||||
| CVE-2023-1156 | 1 Health Center Patient Record Management System Project | 1 Health Center Patient Record Management System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic was found in SourceCodester Health Center Patient Record Management System 1.0. This vulnerability affects unknown code of the file admin/fecalysis_form.php. The manipulation of the argument itr_no leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222220.
|
|||||
| CVE-2023-1154 | 1 Pacsrapor | 1 Pacsrapor | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pacsrapor allows Reflected XSS.This issue affects Pacsrapor: before 1.22.
|
|||||
| CVE-2023-1148 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
|
|||||
| CVE-2023-1147 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
|
|||||
| CVE-2023-1146 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3.
|
|||||
| CVE-2023-1131 | 1 Computer Parts Sales And Inventory System Project | 1 Computer Parts Sales And Inventory System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability has been found in SourceCodester Computer Parts Sales and Inventory System 1.0 and classified as problematic. This vulnerability affects unknown code of the file customer.php. The manipulation of the argument FIRST_NAME/LAST_NAME/PHONE_NUMBER leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222106 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-1117 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.
|
|||||
| CVE-2023-1116 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.
|
|||||
| CVE-2023-1115 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.
|
|||||
| CVE-2023-1113 | 1 Simple Payroll System With Dynamic Tax Bracket Project | 1 Simple Payroll System With Dynamic Tax Bracket | 2024-11-21 | 3.3 LOW | 2.4 LOW |
|
A vulnerability was found in SourceCodester Simple Payroll System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file admin/?page=admin of the component POST Parameter Handler. The manipulation of the argument fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222073 was assigned to this vulnerability.
|
|||||
| CVE-2023-1111 | 2024-11-21 | 3.3 LOW | 2.4 LOW | ||
|
A vulnerability was found in FastCMS up to 0.1.5 and classified as problematic. Affected by this issue is some unknown functionality of the component New Article Tab. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-266126 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-1107 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
|
|||||
| CVE-2023-1106 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3.
|
|||||
| CVE-2023-1104 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
|
|||||
| CVE-2023-1081 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
|
|||||
| CVE-2023-1067 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.
|
|||||
| CVE-2023-1060 | 1 Ykmbilisim | 1 Ykm Crm | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YKM YKM CRM allows Reflected XSS.This issue affects YKM CRM: before 23.03.30.
|
|||||
| CVE-2023-1051 | 1 Askoc | 1 Web Report System | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in As Koc Energy Web Report System allows Reflected XSS.This issue affects Web Report System: before 23.03.10.
|
|||||
| CVE-2023-1042 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability has been found in SourceCodester Online Pet Shop We App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /pet_shop/admin/orders/update_status.php. The manipulation of the argument oid with the input 1"><script>alert(1111)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221800.
|
|||||
| CVE-2023-1036 | 1 Dental Clinic Appointment Reservation System Project | 1 Dental Clinic Appointment Reservation System | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /APR/signup.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221794 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-1006 | 1 Medical Certificate Generator App Project | 1 Medical Certificate Generator App | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been classified as problematic. This affects an unknown part of the component New Record Handler. The manipulation of the argument Firstname/Middlename/Lastname/Suffix/Nationality/Doctor Fullname/Doctor Suffix with the input "><script>prompt(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-221739.
|
|||||
| CVE-2023-1001 | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW | ||
|
A vulnerability, which was classified as problematic, has been found in xuliangzhan vxe-table up to 3.7.9. This issue affects the function export of the file packages/textarea/src/textarea.js of the component vxe-textarea. The manipulation of the argument inputValue leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.7.10 is able to address this issue. The patch is named d70b0e089740b65a22c89c106ebc4627ac48a22d. It is recommended to upgrade the affected co ...
Show More |
|||||
| CVE-2023-0995 | 1 Business Management System Project | 1 Business Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to v2.0.1.
|
|||||
| CVE-2023-0992 | 1 Getshieldsecurity | 1 Shield Security | 2024-11-21 | N/A | 7.2 HIGH |
|
The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-0987 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file index.php?page=checkout. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221680.
|
|||||
| CVE-2023-0966 | 1 Oretnom23 | 1 Online Eyewear Shop | 2024-11-21 | 3.3 LOW | 2.4 LOW |
|
A vulnerability classified as problematic was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=orders/view_order. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221635.
|
|||||
| CVE-2023-0949 | 1 Modoboa | 1 Modoboa | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5.
|
|||||
| CVE-2023-0945 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in SourceCodester Best POS Management System 1.0. Affected is an unknown function of the file index.php?page=add-category. The manipulation of the argument Name with the input "><img src=x onerror=prompt(document.domain);> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221592.
|
|||||
| CVE-2023-0934 | 1 Answer | 1 Answer | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.5.
|
|||||