Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364838 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-23177 1 Mediawiki 1 Mediawiki 2025-06-03 6.1 Medium
An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter.
CVE-2024-23173 1 Mediawiki 1 Mediawiki 2025-06-03 6.1 Medium
An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php.
CVE-2024-22494 1 Jfinalcms Project 1 Jfinalcms 2025-06-03 5.4 Medium
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.
CVE-2024-22492 1 Jfinalcms Project 1 Jfinalcms 2025-06-03 5.4 Medium
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.
CVE-2024-22028 1 3rrr-btob 12 3r-tmc01, 3r-tmc01 Firmware, 3r-tmc02 and 9 more 2025-06-03 4.6 Medium
Insufficient technical documentation issue exists in thermal camera TMC series all firmware versions. The user of the affected product is not aware of the internally saved data. By accessing the affected product physically, an attacker may retrieve the internal data.
CVE-2023-6843 1 Easy.jobs 1 Easy.jobs 2025-06-03 4.3 Medium
The easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg WordPress plugin before 2.4.7 does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings.
CVE-2024-35058 1 Nasa 1 Ait Core 2025-06-03 7.5 High
An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string.
CVE-2023-6050 1 Estatik 1 Estatik 2025-06-03 6.1 Medium
The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2023-6049 1 Estatik 1 Estatik 2025-06-03 9.8 Critical
The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog
CVE-2023-6048 1 Estatik 1 Estatik 2025-06-03 6.5 Medium
The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset
CVE-2023-5691 1 Collect.chat 1 Chatbot 2025-06-03 4.4 Medium
The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVE-2023-51804 1 Rymcu 1 Forest 2025-06-03 7.5 High
An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file.
CVE-2023-51071 1 Qstar 1 Archive Storage Manager 2025-06-03 6.5 Medium
An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by executing a specific command in a link.
CVE-2023-51068 1 Qstar 1 Archive Storage Manager 2025-06-03 5.4 Medium
An authenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link.
CVE-2023-51063 1 Qstar 1 Archive Storage Manager 2025-06-03 8.8 High
QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability within the component qnme-ajax?method=tree_level.
CVE-2023-50919 1 Gl-inet 24 Gl-a1300, Gl-a1300 Firmware, Gl-ar300m and 21 more 2025-06-03 9.8 Critical
An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
CVE-2023-50440 1 Primx 3 Zed\!, Zedmail, Zonecentral 2025-06-03 5.5 Medium
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim.
CVE-2023-50072 1 Openkm 1 Openkm 2025-06-03 5.4 Medium
A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the XSS.
CVE-2023-49262 1 Hongdian 2 H8951-4g-esp, H8951-4g-esp Firmware 2025-06-03 9.8 Critical
The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session.
CVE-2023-49260 1 Hongdian 2 H8951-4g-esp, H8951-4g-esp Firmware 2025-06-03 6.1 Medium
An XSS attack can be performed by changing the MOTD banner and pointing the victim to the "terminal_tool.cgi" path. It can be used together with the vulnerability CVE-2023-49255.