Search Results (363719 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-33798 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33797 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33796 1 Netbox 1 Netbox 2024-11-21 9.1 Critical
A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which is public; queries for database objects would have been denied.
CVE-2023-33794 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Tenants (/tenancy/tenants/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33793 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33792 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Site Groups (/dcim/site-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33791 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Provider Accounts (/circuits/provider-accounts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33790 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Locations (/dcim/locations/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33789 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33788 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Providers (/circuits/providers/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33787 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Tenant Groups (/tenancy/tenant-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33786 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Circuit Types (/circuits/circuit-types/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33777 1 Prestashop 1 Amazon 2024-11-21 5.3 Medium
An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows attackers to execute a directory traversal attack.
CVE-2023-33768 1 Belkin 2 Wemo Smart Plug Wsp080, Wemo Smart Plug Wsp080 Firmware 2024-11-21 6.5 Medium
Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file.
CVE-2023-33756 1 Foswiki 1 Foswiki 2024-11-21 7.5 High
An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal.
CVE-2023-33745 1 Teleadapt 2 Roomcast Ta-2400, Roomcast Ta-2400 Firmware 2024-11-21 9.8 Critical
TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (without requiring a password).
CVE-2023-33744 1 Teleadapt 2 Roomcast Ta-2400, Roomcast Ta-2400 Firmware 2024-11-21 9.8 Critical
TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN): 385521, 843646, and 592671.
CVE-2023-33742 1 Teleadapt 2 Roomcast Ta-2400, Roomcast Ta-2400 Firmware 2024-11-21 7.5 High
TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Storage of Sensitive Information: RSA private key in Update.exe.
CVE-2023-33706 1 Sysaid 1 Sysaid 2024-11-21 6.5 Medium
SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp.
CVE-2023-33684 1 Dbbroadcast 3 Sft Dab 600\/c, Sft Dab 600\/c Bios, Sft Dab 600\/c Firmware 2024-11-21 5.7 Medium
Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol.