Total: 39705 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51306 | 1 Phpjabbers | 1 Event Ticketing System | 2025-11-04 | N/A | 5.4 MEDIUM |
| PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "name, title" parameters. | | | | | |
| CVE-2023-51305 | | | 2025-11-04 | N/A | 5.4 MEDIUM |
| PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters. | | | | | |
| CVE-2023-51303 | 1 Phpjabbers | 1 Event Ticketing System | 2025-11-04 | N/A | 6.1 MEDIUM |
| PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple HTML Injection in the "lid, name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. | | | | | |
| CVE-2023-51300 | 1 Phpjabbers | 1 Hotel Booking System | 2025-11-04 | N/A | 6.1 MEDIUM |
| PHPJabbers Hotel Booking System v4.0 is vulnerable to Cross-Site Scripting (XSS) vulnerabilities in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters. | | | | | |
| CVE-2023-51299 | 1 Phpjabbers | 1 Hotel Booking System | 2025-11-04 | N/A | 6.1 MEDIUM |
| PHPJabbers Hotel Booking System v4.0 is vulnerable to HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. | | | | | |
| CVE-2023-51296 | 1 Phpjabbers | 1 Event Booking Calendar | 2025-11-04 | N/A | 6.1 MEDIUM |
| PHPJabbers Event Booking Calendar v4.0 is vulnerable to Cross-Site Scripting (XSS) in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters, which allows attackers to execute arbitrary code. | | | | | |
| CVE-2023-49086 | 1 Cacti | 1 Cacti | 2025-11-04 | N/A | 5.4 MEDIUM |
| Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). A vulnerability in versions prior to 1.2.27 bypasses an earlier fix for CVE-2023-39360, therefore leading to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `graphs_new.php`. The impact of the vulnerability is execution of arbitrary JavaScript code in the attacked user's browser. This issue has been patched in version 1.2.27. | | | | | |
| CVE-2023-48730 | 1 Wwbn | 1 Avideo | 2025-11-04 | N/A | 8.5 HIGH |
| A cross-site scripting (XSS) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | | | | | |
| CVE-2023-48728 | 1 Wwbn | 1 Avideo | 2025-11-04 | N/A | 9.6 CRITICAL |
| A cross-site scripting (XSS) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | | | | | |
| CVE-2023-47861 | 1 Wwbn | 1 Avideo | 2025-11-04 | N/A | 9.0 CRITICAL |
| A cross-site scripting (XSS) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | | | | | |
| CVE-2023-41710 | 1 Open-xchange | 1 Ox App Suite | 2025-11-04 | N/A | 5.4 MEDIUM |
| User-defined script code could be stored for an upsell-related shop URL. This code was not correctly sanitized when adding it to the DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known. | | | | | |
| CVE-2023-41708 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-11-04 | N/A | 5.4 MEDIUM |
| References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strictly to avoid relative references. No publicly available exploits are known. | | | | | |
| CVE-2023-41704 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-11-04 | N/A | 7.1 HIGH |
| Processing of CID references in e-mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected into a user's session when interacting with e-mails. Please deploy the provided updates and patch releases. CID handling has been improved and resulting content is checked for malicious content. No publicly available exploits are known. | | | | | |
| CVE-2023-41703 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-11-04 | N/A | 6.1 MEDIUM |
| User ID references in mentions in document comments were not correctly sanitized. Script code could be injected into a user's session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions is now filtered to avoid potentially malicious content. No publicly available exploits are known. | | | | | |
| CVE-2023-29052 | 1 Open-xchange | 1 Ox App Suite | 2025-11-04 | N/A | 5.4 MEDIUM |
| Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known. | | | | | |
| CVE-2025-2977 | 1 Gfi | 1 Kerio Connect | 2025-11-04 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in GFI KerioConnect 10.0.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | | | | | |
| CVE-2025-30166 | 1 Pimcore | 1 Admin Classic Bundle | 2025-11-04 | N/A | 4.8 MEDIUM |
| Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6. | | | | | |
| CVE-2025-29790 | 1 Contao | 1 Contao | 2025-11-04 | N/A | 5.4 MEDIUM |
| Contao is an Open Source CMS. Users can upload SVG files with malicious code, which is then executed in the back end and/or front end. This vulnerability is fixed in Contao 4.13.54, 5.3.30, or 5.5.6. | | | | | |
| CVE-2024-40785 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2025-11-04 | N/A | 6.1 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack. | | | | | |
| CVE-2024-34500 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2025-11-04 | N/A | 6.1 MEDIUM |
| An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in the Hooks class. | | | | | |
