Total
44931 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37873 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. | ||||
| CVE-2023-37830 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | ||||
| CVE-2023-37829 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notification.message parameter. | ||||
| CVE-2023-37828 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tasktyp parameter. | ||||
| CVE-2023-37827 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the executionBlockName parameter. | ||||
| CVE-2023-37826 | 1 General-solutions | 1 Contwise Case2 | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fieldname parameter. | ||||
| CVE-2023-37798 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter. | ||||
| CVE-2023-37790 | 1 Broadcom | 1 Clarity | 2024-11-21 | 5.4 Medium |
| Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function. | ||||
| CVE-2023-37787 | 1 Geeklog | 1 Geeklog | 2024-11-21 | 4.8 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php. | ||||
| CVE-2023-37786 | 1 Geeklog | 1 Geeklog | 2024-11-21 | 4.8 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settings[backend], Mail Settings[host], Mail Settings[port] and Mail Settings[auth] parameters of the /admin/configuration.php. | ||||
| CVE-2023-37785 | 1 Impresscms | 1 Impresscms | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php. | ||||
| CVE-2023-37746 | 1 Phpgurukul | 1 Maid Hiring Management System | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component. | ||||
| CVE-2023-37745 | 1 Phpgurukul | 1 Maid Hiring Management System | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component. | ||||
| CVE-2023-37744 | 1 Phpgurukul | 1 Maid Hiring Management System | 2024-11-21 | 6.1 Medium |
| Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-booking-request.php. | ||||
| CVE-2023-37743 | 1 Phpgurukul | 1 Teacher Subject Allocation System | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box. | ||||
| CVE-2023-37742 | 1 Webboss | 1 Webboss.io Cms | 2024-11-21 | 6.1 Medium |
| WebBoss.io CMS before v3.7.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability. | ||||
| CVE-2023-37733 | 1 Tduckcloud | 1 Tduck-platform | 2024-11-21 | 6.1 Medium |
| An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file. | ||||
| CVE-2023-37728 | 1 Icewarp | 1 Icewarp | 2024-11-21 | 6.1 Medium |
| IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) vulnerability via the color parameter. | ||||
| CVE-2023-37692 | 1 Octobercms | 1 October | 2024-11-21 | 5.4 Medium |
| An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2023-37690 | 1 Phpgurukul | 1 Maid Hiring Management System | 2024-11-21 | 4.8 Medium |
| Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page. | ||||