Search Results (364926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-43339 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 6.1 Medium
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components.
CVE-2023-43338 1 Cesanta 1 Mjs 2024-11-21 9.8 Critical
Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input.
CVE-2023-43331 1 Small Crm Project 1 Small Crm 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-43326 1 Moosocial 1 Moosocial 2024-11-21 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL.
CVE-2023-43325 1 Moosocial 1 Moosocial 2024-11-21 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability in the data[redirect_url] parameter of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL.
CVE-2023-43323 1 Moosocial 1 Moosocial 2024-11-21 6.5 Medium
mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple - messageText, data[wall_photo], data[userShareVideo] and data[userShareLink].
CVE-2023-43322 1 Zpesystems 1 Nodegrid Os 2024-11-21 8.8 High
ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/.
CVE-2023-43321 1 Dcnetworks 2 Dcfw-1800-sdc, Dcfw-1800-sdc Firmware 2024-11-21 8.8 High
File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3.0 allows an authenticated attacker to execute arbitrary code via the wget function in the /sbin/cloudadmin.sh component.
CVE-2023-43319 1 Icewarp 1 Webclient 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.
CVE-2023-43309 1 Webmin 1 Webmin 2024-11-21 4.8 Medium
There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload.
CVE-2023-43305 1 Linecorp 1 Line 2024-11-21 8.2 High
An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVE-2023-43302 1 Linecorp 1 Line 2024-11-21 8.2 High
An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVE-2023-43301 1 Linecorp 1 Line 2024-11-21 8.2 High
An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVE-2023-43300 1 Linecorp 1 Line 2024-11-21 8.2 High
An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVE-2023-43299 1 Linecorp 1 Line 2024-11-21 5.3 Medium
An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVE-2023-43297 1 Linecorp 1 Line 2024-11-21 5.4 Medium
An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.
CVE-2023-43295 1 Clickstudios 1 Passwordstate 2024-11-21 3.5 Low
Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request.
CVE-2023-43291 1 Emlog 1 Emlog 2024-11-21 9.8 Critical
Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component.
CVE-2023-43284 1 Dlink 2 Dir-846, Dir-846 Firmware 2024-11-21 8.8 High
D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticated remote attacker to execute arbitrary code via an unspecified manipulation of the QoS POST parameter.
CVE-2023-43281 1 Nothings 1 Stb Image.h 2024-11-21 6.5 Medium
Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.