Search Results (365174 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-44764 1 Concretecms 1 Concrete Cms 2024-11-21 5.4 Medium
A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings).
CVE-2023-44763 1 Concretecms 1 Concrete Cms 2024-11-21 5.4 Medium
Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting (XSS). NOTE: the vendor's position is that a customer is supposed to know that "pdf" should be excluded from the allowed file types, even though pdf is one of the allowed file types in the default configuration.
CVE-2023-44762 1 Concretecms 1 Concrete Cms 2024-11-21 5.4 Medium
A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags.
CVE-2023-44761 1 Concretecms 1 Concrete Cms 2024-11-21 5.4 Medium
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects.
CVE-2023-44760 1 Concretecms 1 Concrete Cms 2024-11-21 4.8 Medium
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature. Also, the exploitation method claimed by "sromanhu" does not provide any access to a Concrete CMS session, because the Concrete CMS session cookie is configured as HttpOnly.
CVE-2023-44758 1 Gdidees 1 Gdidees Cms 2024-11-21 5.4 Medium
GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title.
CVE-2023-44709 1 Sammycage 1 Plutosvg 2024-11-21 9.8 Critical
PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvg_load_from_memory.
CVE-2023-44694 2 D-link, Dlink 3 Dar-7000, Dar-7000, Dar-7000 Firmware 2024-11-21 9.8 Critical
D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /log/mailrecvview.php.
CVE-2023-44693 1 Dlink 2 Dar-7000, Dar-7000 Firmware 2024-11-21 9.8 Critical
D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /importexport.php.
CVE-2023-44690 1 Dbcli 1 Mycli 2024-11-21 7.5 High
Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py
CVE-2023-44689 1 E-gov 1 E-gov 2024-11-21 4.3 Medium
e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the user may become a victim of a phishing attack.
CVE-2023-44488 4 Debian, Fedoraproject, Redhat and 1 more 8 Debian Linux, Fedora, Enterprise Linux and 5 more 2024-11-21 7.5 High
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
CVE-2023-44484 1 Projectworlds 1 Online Blood Donation Management System 2024-11-21 6.1 Medium
Online Blood Donation Management System v1.0 is vulnerable to a Stored Cross-Site Scripting vulnerability. The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.
CVE-2023-44481 1 Projectworlds 1 Leave Management System 2024-11-21 8.8 High
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-44480 1 Projectworlds 1 Leave Management System 2024-11-21 8.8 High
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-44477 1 Boxystudio 1 Cooked 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Boxy Studio Cooked plugin <= 1.7.13 versions.
CVE-2023-44476 1 Wp-copyrightpro 1 Wp-copyrightpro 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea V. CopyRightPro plugin <= 2.1 versions.
CVE-2023-44474 1 Md Jakir Hosen 1 Tiger Forms - Drag And Drop Form Builder 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MD Jakir Hosen Tiger Forms – Drag and Drop Form Builder plugin <= 2.0.0 versions.
CVE-2023-44473 1 Dublue 1 Table Of Contents Plus 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus plugin <= 2302 versions.
CVE-2023-44471 1 Kau-boys 1 Backend Localization 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <= 2.1.10 versions.