Total: 30497 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-1500 | 1 Code-projects | 1 Simple Art Gallery | 2024-08-02 | 3.5 Low |
A vulnerability, which was classified as problematic, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file adminHome.php. The manipulation of the argument about_info leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223400. | ||||
CVE-2023-1507 | 1 E-commerce System Project | 1 E-commerce System | 2024-08-02 | 3.5 Low |
A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ecommerce/admin/category/controller.php of the component Category Name Handler. The manipulation of the argument CATEGORY leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223411. | ||||
CVE-2023-1515 | 1 Pimcore | 1 Pimcore | 2024-08-02 | 5.4 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. | ||||
CVE-2023-1496 | 1 Evilmartians | 1 Imgproxy | 2024-08-02 | 5.4 Medium |
Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0. | ||||
CVE-2023-1485 | 1 Young Entrepreneur E-negosyo System Project | 1 Young Entrepreneur E-negosyo System | 2024-08-02 | 3.5 Low |
A vulnerability classified as problematic has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. This affects an unknown part of the file /bsenordering/index.php of the component GET Parameter Handler. The manipulation of the argument category with the input <script>alert(222)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223371. | ||||
CVE-2023-1410 | 2 Grafana, Redhat | 2 Grafana, Ceph Storage | 2024-08-02 | 6.2 Medium |
Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible because the value of the Function Description was not properly sanitized. An attacker needs to have control over the Graphite data source in order to manipulate a function description, and a Grafana admin needs to configure the data source; later, a Grafana user needs to select a tampered function and hover over the description. Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix. | ||||
CVE-2023-1429 | 1 Pimcore | 1 Pimcore | 2024-08-02 | 5.4 Medium |
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. | ||||
CVE-2023-1384 | 2 Amazon, Bestbuy | 3 Fire Os, Fire Tv Stick 3rd Gen, Insignia Tv | 2024-08-02 | 4.3 Medium |
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter, allowing for arbitrary JavaScript code to be run. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3. | ||||
CVE-2023-1421 | 1 Mattermost | 1 Mattermost Server | 2024-08-02 | 3.5 Low |
A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter. | ||||
CVE-2023-1397 | 1 Online Student Management System Project | 1 Online Student Management System | 2024-08-02 | 3.5 Low |
A vulnerability classified as problematic has been found in SourceCodester Online Student Management System 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument adminname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222984. | ||||
CVE-2023-1418 | 1 Friendly Island Pizza Website And Ordering System Project | 1 Friendly Island Pizza Website And Ordering System | 2024-08-02 | 3.5 Low |
A vulnerability classified as problematic was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file cashconfirm.php of the component POST Parameter Handler. The manipulation of the argument transactioncode leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223129 was assigned to this vulnerability. | ||||
CVE-2023-1395 | 1 Yoga Class Registration System Project | 1 Yoga Class Registration System | 2024-08-02 | 3.5 Low |
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been declared as problematic. This vulnerability affects the function query of the file admin/user/list.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222982 is the identifier assigned to this vulnerability. | ||||
CVE-2023-1396 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2024-08-02 | 3.5 Low |
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/traveller_details.php. The manipulation of the argument address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222983. | ||||
CVE-2023-1363 | 1 Computer Parts Sales And Inventory System Project | 1 Computer Parts Sales And Inventory System | 2024-08-02 | 3.5 Low |
A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add User Account. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222870 is the identifier assigned to this vulnerability. | ||||
CVE-2023-1353 | 1 Design And Implementation Of Covid-19 Directory On Vaccination System Project | 1 Design And Implementation Of Covid-19 Directory On Vaccination System | 2024-08-02 | 3.5 Low |
A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. Affected is an unknown function of the file verification.php. The manipulation of the argument txtvaccinationID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222852. | ||||
CVE-2023-1354 | 1 Design And Implementation Of Covid-19 Directory On Vaccination System Project | 1 Design And Implementation Of Covid-19 Directory On Vaccination System | 2024-08-02 | 3.5 Low |
A vulnerability has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file register.php. The manipulation of the argument txtfullname/txtage/txtaddress/txtphone leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222853 was assigned to this vulnerability. | ||||
CVE-2023-1315 | 1 Enhancesoft | 1 Osticket | 2024-08-02 | 5.4 Medium |
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. | ||||
CVE-2023-1317 | 1 Enhancesoft | 1 Osticket | 2024-08-02 | 5.4 Medium |
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. | ||||
CVE-2023-1319 | 1 Enhancesoft | 1 Osticket | 2024-08-02 | 4.8 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | ||||
CVE-2023-1302 | 1 File Tracker Manager System Project | 1 File Tracker Management System | 2024-08-02 | 3.5 Low |
A vulnerability, which was classified as problematic, was found in SourceCodester File Tracker Manager System 1.0. This affects an unknown part of the file normal/borrow1.php. The manipulation of the argument id with the input 1"><script>alert(1111)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222663. |