CVE-2023-47096
An issue was discovered in Virtualmin 7.7. The Cloudmin Services Client under System Settings allows XSS.
Source: CVE-2023-47096
CVE-2023-47097
CVE-2023-47097
An issue was discovered in Virtualmin 7.7. The Server Templates feature under System Settings allows XSS.
Source: CVE-2023-47097
CVE-2023-47098
CVE-2023-47098
An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripting (XSS) vulnerability exists in the Create Extra Administrator tab via the "Real name or description" field.
Source: CVE-2023-47098
CVE-2023-47099
CVE-2023-47099
An issue was discovered in Virtualmin 7.7. The Create Virtual Server functionality allows XSS attacks against anyone who accesses the Virtual Server Summary tab.
Source: CVE-2023-47099
CVE-2023-46278
CVE-2023-46278
Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication.
Source: CVE-2023-46278
CVE-2023-39695
CVE-2023-39695
Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out.
Source: CVE-2023-39695
CVE-2023-37833
CVE-2023-37833
Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are only accessed by privileged users.
Source: CVE-2023-37833
CVE-2023-46378
CVE-2023-46378
Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php.
Source: CVE-2023-46378
CVE-2023-44486
CVE-2023-44486
Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities. The ‘address’ parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.
Source: CVE-2023-44486
CVE-2023-5306
CVE-2023-5306
Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities. The ‘city’ parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.
Source: CVE-2023-5306