Search Results (364424 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-39711 1 Free And Open Source Inventory Management System Project 1 Free And Open Source Inventory Management System 2024-11-21 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section.
CVE-2023-39710 1 Free And Open Source Inventory Management System Project 1 Free And Open Source Inventory Management System 2024-11-21 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Customer section.
CVE-2023-39709 1 Free And Open Source Inventory Management System Project 1 Free And Open Source Inventory Management System 2024-11-21 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section.
CVE-2023-39708 1 Free And Open Source Inventory Management System Project 1 Free And Open Source Inventory Management System 2024-11-21 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section.
CVE-2023-39707 1 Free And Open Source Inventory Management System Project 1 Free And Open Source Inventory Management System 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section.
CVE-2023-39703 1 Typora 1 Typora 2024-11-21 6.1 Medium
A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file.
CVE-2023-39700 1 Icewarp 1 Mail Server 2024-11-21 6.1 Medium
IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.
CVE-2023-39699 1 Icewarp 1 Mail Server 2024-11-21 9.8 Critical
IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server.
CVE-2023-39695 1 Elenos 3 Etg150, Etg150 Firmware, Etg150 Fm 2024-11-21 5.3 Medium
Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out.
CVE-2023-39685 1 Hjson 1 Hjson 2024-11-21 7.5 High
An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string.
CVE-2023-39681 1 Cuppacms 1 Cuppacms 2024-11-21 9.8 Critical
Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload.
CVE-2023-39680 1 Sollace 1 Unicopia 2024-11-21 7.5 High
Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code.
CVE-2023-39678 1 Bdcom 3 Olt P3310d-2ac, P3310d-2ac, P3310d-2ac Firmware 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.
CVE-2023-39676 1 Fieldthemes 1 Fieldpopupnewsletter 2024-11-21 6.1 Medium
FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.
CVE-2023-39674 2 D-link, Dlink 3 Dir-880l, Dir-880l A1, Dir-880l A1 Firmware 2024-11-21 9.8 Critical
D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overflow via the function fgets.
CVE-2023-39673 1 Tenda 2 Ac15, Ac15 Firmware 2024-11-21 9.8 Critical
Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34().
CVE-2023-39672 1 Tenda 2 Wh450a, Wh450a Firmware 2024-11-21 9.8 Critical
Tenda WH450 v1.0.0.18 was discovered to contain a buffer overflow via the function fgets.
CVE-2023-39671 2 D-link, Dlink 3 Dir-880l, Dir-880l A1, Dir-880l A1 Firmware 2024-11-21 9.8 Critical
D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overflow via the function FUN_0001be68.
CVE-2023-39670 1 Tenda 2 Ac6, Ac6 Firmware 2024-11-21 9.8 Critical
Tenda AC6 _US_AC6V1.0BR_V15.03.05.16 was discovered to contain a buffer overflow via the function fgets.
CVE-2023-39669 2 D-link, Dlink 3 Dir-880l, Dir-880l A1, Dir-880l A1 Firmware 2024-11-21 7.5 High
D-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL pointer dereference in the function FUN_00010824.