Search Results (363315 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-5326 1 Sato 2 Cl4nx-j Plus, Cl4nx-j Plus Firmware 2024-11-21 6.3 Medium
A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component WebConfig. The manipulation leads to improper authentication. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241027.
CVE-2023-5325 1 Levantoan 1 Woocommerce Vietnam Checkout 2024-11-21 6.1 Medium
The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field no the checkout form leading to XSS
CVE-2023-5323 1 Dolibarr 2 Dolibarr, Dolibarr Erp\/crm 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0.
CVE-2023-5322 1 Dlink 2 Dar-7000, Dar-7000 Firmware 2024-11-21 4.7 Medium
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/edit_manageadmin.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240992. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
CVE-2023-5321 1 Hamza417 1 Inure 2024-11-21 5.5 Medium
Missing Authorization in GitHub repository hamza417/inure prior to build94.
CVE-2023-5320 2 Phpmyfaq, Thorsten 2 Phpmyfaq, Phpmyfaq 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
CVE-2023-5319 1 Phpmyfaq 1 Phpmyfaq 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
CVE-2023-5318 1 Microweber 1 Microweber 2024-11-21 7.5 High
Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-5317 1 Phpmyfaq 1 Phpmyfaq 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
CVE-2023-5316 1 Phpmyfaq 1 Phpmyfaq 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
CVE-2023-5313 1 Phpkobo 1 Ajax Poll Script 2024-11-21 5.3 Medium
A vulnerability classified as problematic was found in phpkobo Ajax Poll Script 3.18. Affected by this vulnerability is an unknown functionality of the file ajax-poll.php of the component Poll Handler. The manipulation leads to improper enforcement of a single, unique action. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240949 was assigned to this vulnerability.
CVE-2023-5310 1 Silabs 3 Z-wave Long Range 700, Z-wave Long Range 800, Z-wave Software Development Kit 2024-11-21 5.7 Medium
A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.
CVE-2023-5309 1 Puppet 1 Puppet Enterprise 2024-11-21 6.8 Medium
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations.
CVE-2023-5305 1 Anujk305 1 Online Banquet Booking System 2024-11-21 3.5 Low
A vulnerability was found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /mail.php of the component Contact Us Page. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-240944.
CVE-2023-5304 1 Anujk305 1 Online Banquet Booking System 2024-11-21 3.5 Low
A vulnerability has been found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /book-services.php of the component Service Booking. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-240943.
CVE-2023-5303 1 Phpgurukul 1 Online Banquet Booking System 2024-11-21 3.5 Low
A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Affected is an unknown function of the file /view-booking-detail.php of the component Account Detail Handler. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. VDB-240942 is the identifier assigned to this vulnerability.
CVE-2023-5302 1 Mayurik 1 Best Courier Management System 2024-11-21 3.5 Low
A vulnerability, which was classified as problematic, has been found in SourceCodester Best Courier Management System 1.0. This issue affects some unknown processing of the component Manage Account Page. The manipulation of the argument First Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240941 was assigned to this vulnerability.
CVE-2023-5301 1 Dedecms 1 Dedecms 2024-11-21 4.7 Medium
A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240940.
CVE-2023-5300 1 Ttsplanning 1 Ttsplanning 2024-11-21 6.3 Medium
A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240939.
CVE-2023-5299 1 Fujielectric 1 Tellus Lite V-simulator 2024-11-21 7.3 High
A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system.