CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5056 matches found

CVE•added 2023/12/12 12:58 a.m.•39 views

CVE-2023-42476

SAP Business Objects Web Intelligence 420 is affected by an authenticated JavaScript injection (XSS) vulnerability in Web Intelligence documents. The issue allows an attacker to inject code that runs in a user’s browser when the vulnerable page is visited, potentially exposing data from reporting...

6.8CVSS6.5AI score0.00109EPSS

Exploits0References2Affected Software1

Cvelist•added 2023/12/12 12:58 a.m.•16 views

CVE-2023-42476 Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence

SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that th...

6.8CVSS6.7AI score0.00109EPSS

Exploits0References2

CNNVD•added 2023/12/12 12:0 a.m.•3 views

Siemens Opcenter Quality 跨站脚本漏洞

Opcenter Quality is a quality management system QMS that enables organizations to safeguard compliance, optimize quality, reduce the cost of defects and rework, and achieve operational excellence by improving process stability. simatic pcs neo is a distributed control system DCS. the SINUMERIK...

7.1CVSS6.2AI score0.00121EPSS

Exploits0References4

Veracode•added 2023/12/11 6:28 a.m.•16 views

Cross Site Scripting

mediawiki/semantic-media-wiki is vulnerable to Cross Site Scripting. The vulnerability is due to improper sanitization of input. This issue can be exploited by an attacker via injecting malicious JavaScript...

6.1CVSS6.7AI score0.00148EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2023/12/11 12:0 a.m.•4 views

PT-2023-28362 · Sap · Sap Business Objects Web Intelligence

Name of the Vulnerable Software and Affected Versions: SAP Business Objects Web Intelligence version 420 Description: The issue allows an authenticated attacker to inject JavaScript code into Web Intelligence documents, which is then executed in the victim's browser each time the vulnerable page ...

6.8CVSS6.7AI score0.00109EPSS

Exploits0References6

OSV•added 2023/12/09 7:15 a.m.•9 views

CVE-2023-28873

An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor...

5.4CVSS6AI score

Exploits0References2

Prion•added 2023/12/09 7:15 a.m.•14 views

Cross site scripting

An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor...

4.9CVSS6.1AI score0.00088EPSS

Exploits1References2Affected Software1

CVE•added 2023/12/09 12:0 a.m.•42 views

CVE-2023-28873

The CVE-2023-28873 entry concerns Seafile 9.0.6 with an XSS flaw in wiki and discussion pages that permits injecting JavaScript into the Markdown editor. The connected PT-Security advisory confirms the affected software and describes the vulnerability as an XSS vector in the Markdown editor, with...

5.4CVSS5.2AI score0.00088EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2023/12/08 12:0 a.m.•4 views

PT-2023-22023 · Seafile · Seafile

Name of the Vulnerable Software and Affected Versions: Seafile version 9.0.6 Description: An issue allows attackers to inject JavaScript into the Markdown editor in wiki and discussion pages. This is achieved through an XSS issue, which enables the execution of malicious scripts. Recommendations:...

5.4CVSS5.6AI score0.00088EPSS

Exploits1References7

OSV•added 2023/12/07 7:15 a.m.•1 views

CVE-2023-48206

A Cross Site Scripting XSS vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php...

6.1CVSS5.8AI score0.00106EPSS

Exploits3References1

NVD•added 2023/12/07 7:15 a.m.•11 views

CVE-2023-48206

A Cross Site Scripting XSS vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php...

6.1CVSS0.00106EPSS

Exploits3References1

OSV•added 2023/12/07 7:15 a.m.•2 views

CVE-2023-48208

A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, pluginsmsapikey, pluginsmscountrycode, uuid, title, or country name parameter to index.php...

6.1CVSS5.8AI score0.00255EPSS

Exploits2References1

NVD•added 2023/12/07 7:15 a.m.•10 views

CVE-2023-48208

6.1CVSS0.00255EPSS

Exploits2References1

ATTACKERKB•added 2023/12/07 7:15 a.m.•1 views

CVE-2023-48208

6.1CVSS5.8AI score0.00255EPSS

Exploits2References2

Prion•added 2023/12/07 7:15 a.m.•14 views

Cross site scripting

A Cross Site Scripting XSS vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php...

5.8CVSS6.1AI score0.00106EPSS

Exploits3References1Affected Software1

OSV•added 2023/12/07 6:15 a.m.•3 views

CVE-2023-48172

A Cross Site Scripting XSS vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php...

5.4CVSS5.8AI score0.00116EPSS

Exploits3References3

NVD•added 2023/12/07 6:15 a.m.•8 views

CVE-2023-48172

A Cross Site Scripting XSS vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php...

5.4CVSS0.00116EPSS

Exploits3References3

Prion•added 2023/12/07 6:15 a.m.•19 views

Cross site scripting

A Cross Site Scripting XSS vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php...

4.9CVSS6.1AI score0.00116EPSS

Exploits3References3Affected Software1

CVE•added 2023/12/07 12:0 a.m.•33 views

CVE-2023-48208

CVE-2023-48208 concerns PHPJabbers Availability Booking Calendar v5.0. A stored Cross Site Scripting vulnerability exists in index.php that allows injecting JavaScript via the following parameters: name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name. This is the concre...

6.1CVSS6.2AI score0.00255EPSS

Exploits2References1Affected Software1

CNNVD•added 2023/12/07 12:0 a.m.•1 views

Availability Booking Calendar Cross-Site Scripting Vulnerability

PHPJabbers Availability Booking Calendar is a booking system. A cross-site scripting vulnerability exists in Availability Booking Calendar version 5.0, which originates from a vulnerability that allows an attacker to inject JavaScript injection into index.php...

6.1CVSS6.1AI score0.00255EPSS

Exploits2References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by