Total
30498 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3834 | 1 Bugfinder | 1 Ex-rate | 2024-08-02 | 3.5 Low |
| A vulnerability was found in Bug Finder EX-RATE 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3755 | 1 Creativeitem | 1 Atlas | 2024-08-02 | 3.5 Low |
| A vulnerability has been found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /home/filter_listings. The manipulation of the argument price-range leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-234427. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3794 | 1 Bugfinder | 1 Chaincity | 2024-08-02 | 3.5 Low |
| A vulnerability classified as problematic has been found in Bug Finder ChainCity Real Estate Investment Platform 1.0. Affected is an unknown function of the file /chaincity/user/ticket/create of the component New Ticket Handler. The manipulation of the argument subject leads to cross site scripting. It is possible to launch the attack remotely. VDB-235062 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3787 | 1 Tiva Events Calendar Project | 1 Tiva Events Calendar | 2024-08-02 | 3.5 Low |
| A vulnerability classified as problematic was found in Codecanyon Tiva Events Calender 1.4. This vulnerability affects unknown code. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235054 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-3757 | 1 Gzscripts | 1 Car Rental Php Script | 2024-08-02 | 3.5 Low |
| A vulnerability classified as problematic has been found in GZ Scripts Car Rental Script 1.8. Affected is an unknown function of the file /EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-234432. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3754 | 1 Creativeitem | 1 Ekushey Project Manager | 2024-08-02 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in Creativeitem Ekushey Project Manager CRM 5.0. Affected is an unknown function of the file /index.php/client/message/message_read/xxxxxxxx[random-msg-hash]. The manipulation of the argument message leads to cross site scripting. It is possible to launch the attack remotely. VDB-234426 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3752 | 1 Creativeitem | 1 Academy Lms | 2024-08-02 | 3.5 Low |
| A vulnerability was found in Creativeitem Academy LMS 5.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home/courses. The manipulation of the argument sort_by leads to cross site scripting. The attack may be launched remotely. VDB-234422 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3641 | 1 Nodcms | 1 Nodcms | 2024-08-02 | 4.3 Medium |
| A vulnerability has been found in khodakhah NodCMS 3.4.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /en/blog-comment-4 of the component POST Request Handler. The manipulation of the argument comment_name/comment_content leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233887. | ||||
| CVE-2023-3543 | 1 Gzscripts | 1 Availability Booking Calendar Php | 2024-08-02 | 3.5 Low |
| A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.8. It has been classified as problematic. This affects an unknown part of the file load.php of the component HTTP POST Request Handler. The manipulation of the argument cid/first_name/second_name/address_1/country leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-233295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3659 | 1 Oretnom23 | 1 Ac Repair And Services System | 2024-08-02 | 3.5 Low |
| A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/?page=user/manage_user. The manipulation of the argument firstname/middlename leads to cross site scripting. The attack can be launched remotely. The identifier VDB-234013 was assigned to this vulnerability. | ||||
| CVE-2023-3721 | 1 Lesterchan | 1 Wp-email | 2024-08-02 | 4.8 Medium |
| The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-3685 | 1 Nesote | 1 Inout Search Engine Ai Edition | 2024-08-02 | 3.5 Low |
| A vulnerability was found in Nesote Inout Search Engine AI Edition 1.1. It has been classified as problematic. This affects an unknown part of the file /index.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-234231. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3726 | 1 Ocsinventory-ng | 1 Ocsinventory-ocsreports | 2024-08-02 | 4.9 Medium |
| OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting. | ||||
| CVE-2023-3647 | 1 Indigitall | 1 Iurny | 2024-08-02 | 4.8 Medium |
| The IURNY by INDIGITALL WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-3588 | 1 3ds | 1 Teamwork Cloud No Magic Release | 2024-08-02 | 5.4 Medium |
| A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code. | ||||
| CVE-2023-3554 | 1 Gzscripts | 1 Gz Forum Script | 2024-08-02 | 3.5 Low |
| A vulnerability was found in GZ Scripts GZ Forum Script 1.8 and classified as problematic. Affected by this issue is some unknown functionality of the file /preview.php. The manipulation of the argument catid/topicid/topic/topic_message/free_name leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233348. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3556 | 1 Gzscripts | 1 Car Listing Script Php | 2024-08-02 | 3.5 Low |
| A vulnerability was found in GZ Scripts Car Listing Script PHP 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file /preview.php. The manipulation of the argument page/sort_by leads to cross site scripting. The attack can be initiated remotely. VDB-233350 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3558 | 1 Gzscripts | 1 Event Booking Calendar | 2024-08-02 | 3.5 Low |
| A vulnerability classified as problematic has been found in GZ Scripts Event Booking Calendar 1.8. Affected is an unknown function of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-233352. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3541 | 1 Thinutech | 1 Thinu-cms | 2024-08-02 | 3.5 Low |
| A vulnerability has been found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /author_posts.php. The manipulation of the argument author with the input g6g12<script>alert(1)</script>o8sdm leads to cross site scripting. The attack can be launched remotely. The identifier VDB-233293 was assigned to this vulnerability. | ||||
| CVE-2023-3562 | 1 Gzscripts | 1 Php Crm Platform | 2024-08-02 | 3.5 Low |
| A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-233356. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||