Search Results (364862 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-41853 1 Wpicalavailability 1 Wp Ical Availability 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WP iCal Availability plugin <= 1.0.3 versions.
CVE-2023-41852 1 Mailmunch 1 Mailmunch 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch – Grow your Email List plugin <= 3.1.2 versions.
CVE-2023-41851 1 Dotsquares 1 Wp Custom Post Template 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custom Post Template <= 1.0 versions.
CVE-2023-41850 1 Sparro 1 Outbound Link Manager 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Morris Bryant, Ruben Sargsyan Outbound Link Manager plugin <= 1.2 versions.
CVE-2023-41847 1 Wensolutions 1 Notice Bar 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WEN Solutions Notice Bar plugin <= 3.1.0 versions.
CVE-2023-41846 1 Siemens 1 Tecnomatix 2024-11-21 7.8 High
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to memory corruption while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
CVE-2023-41838 1 Fortinet 2 Fortianalyzer, Fortimanager 2024-11-21 6.9 Medium
An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli.
CVE-2023-41815 1 Pandorafms 1 Pandora Fms 2024-11-21 7.5 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Malicious code could be executed in the File Manager section. This issue affects Pandora FMS: from 700 through 774.
CVE-2023-41814 1 Pandorafms 1 Pandora Fms 2024-11-21 3.7 Low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This issue affects Pandora FMS: from 700 through 774.
CVE-2023-41813 1 Pandorafms 1 Pandora Fms 2024-11-21 3 Low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Allows you to edit the Web Console user notification options. This issue affects Pandora FMS: from 700 through 774.
CVE-2023-41812 1 Artica 1 Pandora Fms 2024-11-21 5.7 Medium
Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allowed PHP executable files to be uploaded through the file manager. This issue affects Pandora FMS: from 700 through 773.
CVE-2023-41811 1 Artica 1 Pandora Fms 2024-11-21 5.3 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the news section of the web console. This issue affects Pandora FMS: from 700 through 773.
CVE-2023-41810 1 Artica 1 Pandora Fms 2024-11-21 4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in some Widgets' text box. This issue affects Pandora FMS: from 700 through 773.
CVE-2023-41807 1 Artica 1 Pandora Fms 2024-11-21 9.1 Critical
Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows a user to escalate permissions on the system shell. This issue affects Pandora FMS: from 700 through 773.
CVE-2023-41806 1 Artica 1 Pandora Fms 2024-11-21 8.2 High
Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability causes that a bad privilege assignment could cause a DOS attack that affects the availability of the Pandora FMS server. This issue affects Pandora FMS: from 700 through 773.
CVE-2023-41805 1 Brainstormforce 1 Starter Templates 2024-11-21 6.5 Medium
Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through 3.2.5.
CVE-2023-41801 1 Strategy11 1 Awp Classifieds 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <= 4.3 versions.
CVE-2023-41800 1 Uniconsent 1 Cmp For Gdpr Cpra Gpp Tcf 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in UniConsent UniConsent CMP for GDPR CPRA GPP TCF plugin <= 1.4.2 versions.
CVE-2023-41797 1 Goldplugins 1 Locations 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gold Plugins Locations plugin <= 4.0 versions.
CVE-2023-41792 1 Artica 1 Pandora Fms 2024-11-21 5.9 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the SNMP Trap Editor. This issue affects Pandora FMS: from 700 through 773.