Search Results (364935 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-43457 1 Oretnom23 1 Service Provider Management System 2024-11-21 9.8 Critical
An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint.
CVE-2023-43456 1 Oretnom23 1 Service Provider Management System 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint.
CVE-2023-43455 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 9.8 Critical
An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component.
CVE-2023-43453 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 9.8 Critical
An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component.
CVE-2023-43382 1 Iteachyou 1 Dreamer Cms 2024-11-21 8.8 High
Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function.
CVE-2023-43381 1 Tianchoy 1 Blog 2024-11-21 7.5 High
SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in the login.php
CVE-2023-43377 1 Digitaldruid 1 Hoteldruid 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.
CVE-2023-43376 1 Digitaldruid 1 Hoteldruid 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.
CVE-2023-43375 1 Digitaldruid 1 Hoteldruid 2024-11-21 9.8 Critical
Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters.
CVE-2023-43374 1 Digitaldruid 1 Hoteldruid 2024-11-21 9.8 Critical
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.
CVE-2023-43373 1 Digitaldruid 1 Hoteldruid 2024-11-21 9.8 Critical
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php.
CVE-2023-43371 1 Digitaldruid 1 Hoteldruid 2024-11-21 9.8 Critical
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.
CVE-2023-43364 1 Arjunsharda 1 Searchor 2024-11-21 9.8 Critical
main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution.
CVE-2023-43360 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.
CVE-2023-43359 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.
CVE-2023-43358 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.
CVE-2023-43357 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.
CVE-2023-43356 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component.
CVE-2023-43355 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.
CVE-2023-43354 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component.