Total
44965 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41597 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 6.1 Medium |
| EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t. | ||||
| CVE-2023-41593 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2024-11-21 | 5.4 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1 allow attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters. | ||||
| CVE-2023-41592 | 1 Froala | 1 Froala Editor | 2024-11-21 | 5.4 Medium |
| Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2023-41588 | 1 Appfire | 1 Time To Sla | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Time to SLA plugin v10.13.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the durationFormat parameter. | ||||
| CVE-2023-41575 | 1 Phpgurukul | 1 Blood Bank \& Donor Management System | 2024-11-21 | 5.4 Medium |
| Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters. | ||||
| CVE-2023-41538 | 1 Phpjabbers | 1 Php Forum Script | 2024-11-21 | 6.1 Medium |
| phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter. | ||||
| CVE-2023-41453 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component. | ||||
| CVE-2023-41451 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. | ||||
| CVE-2023-41448 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component. | ||||
| CVE-2023-41447 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component. | ||||
| CVE-2023-41446 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component. | ||||
| CVE-2023-41445 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component. | ||||
| CVE-2023-41436 | 1 Cskaza | 1 Cszcms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component. | ||||
| CVE-2023-41423 | 1 Terryl | 1 Wp Githuber Md | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 allows a remote attacker to execute arbitrary code via a crafted payload to the new article function. | ||||
| CVE-2023-41343 | 1 Ragic | 1 Enterprise Cloud Database | 2024-11-21 | 5.4 Medium |
| Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack. | ||||
| CVE-2023-41318 | 1 Turt2live | 1 Matrix-media-repo | 2024-11-21 | 4.1 Medium |
| matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with `Content-Disposition: inline` upon download. This vulnerability could be leveraged to execute scripts embedded in SVG content. Commits `77ec235` and `bf8abdd` fix the issue and are included in the 1.3.0 release. Operators should upgrade to v1.3.0 as soon as possible. Operators unable to upgrade should override the `Content-Disposition` header returned by matrix-media-repo as a workaround. | ||||
| CVE-2023-41316 | 1 Tolgee | 1 Tolgee | 2024-11-21 | 5.5 Medium |
| Tolgee is an open-source localization platform. Due to lack of validation field - Org Name, bad actor can send emails with HTML injected code to the victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitation emails which appear as legitimate org invitations. Bad actors may direct users to malicious website or execute javascript in the context of the users browser. This vulnerability has been addressed in version 3.29.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-41250 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 3.5 Low |
| In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration | ||||
| CVE-2023-41249 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.6 Medium |
| In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step | ||||
| CVE-2023-41248 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.6 Medium |
| In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration | ||||