• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2023-24690
2023-02-16
N/A
5.4 MEDIUM
ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family.
CVE-2023-24689
2023-02-16
N/A
4.3 MEDIUM
An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx
CVE-2023-24688
2023-02-16
N/A
5.3 MEDIUM
An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled.
CVE-2023-24687
2023-02-16
N/A
5.4 MEDIUM
Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter.
CVE-2023-24686
2023-02-16
N/A
4.8 MEDIUM
An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file.
CVE-2023-24685
2023-02-16
N/A
7.2 HIGH
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module.
CVE-2023-24684
2023-02-16
N/A
7.2 HIGH
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php.
CVE-2023-24648
2023-02-22
N/A
6.1 MEDIUM
Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php.
CVE-2023-24647
2023-02-22
N/A
7.5 HIGH
Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter.
CVE-2023-24646
2023-02-23
N/A
9.8 CRITICAL
An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file.
« Previous 1 … 11,103 11,104 11,105 11,106 11,107 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE