Total
39744 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-51338 | 1 Phpjabbers | 1 Meeting Room Booking System | 2025-11-04 | 5.4 Medium |
| PHPJabbers Meeting Room Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters of index.php page. | ||||
| CVE-2023-51337 | 1 Phpjabbers | 1 Event Ticketing System | 2025-11-04 | 5.4 Medium |
| PHPJabbers Event Ticketing System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in "lid" parameter in index. | ||||
| CVE-2023-51335 | 1 Phpjabbers | 1 Cinema Booking System | 2025-11-04 | 6.5 Medium |
| PHPJabbers Cinema Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. | ||||
| CVE-2023-51330 | 1 Phpjabbers | 1 Cinema Booking System | 2025-11-04 | 5.4 Medium |
| PHPJabbers Cinema Booking System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Now Showing menu "date" parameter. | ||||
| CVE-2023-51328 | 1 Phpjabbers | 1 Cleaning Business Software | 2025-11-04 | 5.4 Medium |
| PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "c_name, name" parameters. | ||||
| CVE-2023-51325 | 1 Phpjabbers | 1 Shared Asset Booking System | 2025-11-04 | 5.4 Medium |
| PHPJabbers Shared Asset Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. | ||||
| CVE-2023-51318 | 1 Phpjabbers | 1 Bus Reservation System | 2025-11-04 | 5.4 Medium |
| PHPJabbers Bus Reservation System v1.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. | ||||
| CVE-2023-51315 | 1 Phpjabbers | 1 Restaurant Booking System | 2025-11-04 | 5.4 Medium |
| PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "seat_name, plugin_sms_api_key, plugin_sms_country_code, title, name" parameters. | ||||
| CVE-2023-51312 | 1 Phpjabbers | 1 Restaurant Booking System | 2025-11-04 | 5.4 Medium |
| PHPJabbers Restaurant Booking System v3.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Reservations menu, Schedule section date parameter. | ||||
| CVE-2023-51306 | 1 Phpjabbers | 1 Event Ticketing System | 2025-11-04 | 5.4 Medium |
| PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "name, title" parameters. | ||||
| CVE-2023-51305 | 1 Phpjabbers | 1 Car Park Booking System | 2025-11-04 | 5.4 Medium |
| PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters. | ||||
| CVE-2023-51303 | 1 Phpjabbers | 1 Event Ticketing System | 2025-11-04 | 6.1 Medium |
| PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple HTML Injection in the "lid, name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. | ||||
| CVE-2023-51300 | 1 Phpjabbers | 1 Hotel Booking System | 2025-11-04 | 6.1 Medium |
| PHPJabbers Hotel Booking System v4.0 is vulnerable to Cross-Site Scripting (XSS) vulnerabilities in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters. | ||||
| CVE-2023-51299 | 1 Phpjabbers | 1 Hotel Booking System | 2025-11-04 | 6.1 Medium |
| PHPJabbers Hotel Booking System v4.0 is vulnerable to HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. | ||||
| CVE-2023-51296 | 1 Phpjabbers | 1 Event Booking Calendar | 2025-11-04 | 6.1 Medium |
| PHPJabbers Event Booking Calendar v4.0 is vulnerable to Cross-Site Scripting (XSS) in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters which allows attackers to execute arbitrary code | ||||
| CVE-2023-49086 | 1 Cacti | 1 Cacti | 2025-11-04 | 5.4 Medium |
| Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). A vulnerability in versions prior to 1.2.27 bypasses an earlier fix for CVE-2023-39360, therefore leading to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `graphs_new.php`. The impact of the vulnerability is execution of arbitrary JavaScript code in the attacked user's browser. This issue has been patched in version 1.2.27. | ||||
| CVE-2023-48730 | 1 Wwbn | 1 Avideo | 2025-11-04 | 8.5 High |
| A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | ||||
| CVE-2023-48728 | 1 Wwbn | 1 Avideo | 2025-11-04 | 9.6 Critical |
| A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | ||||
| CVE-2023-47861 | 1 Wwbn | 1 Avideo | 2025-11-04 | 9 Critical |
| A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | ||||
| CVE-2023-41710 | 1 Open-xchange | 1 Ox App Suite | 2025-11-04 | 5.4 Medium |
| User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known. | ||||