All Vulnerabilities

CVE-ID	Description	CVSS-Score
		V2	V3
CVE-2023-4986	A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with...	None	2.5
CVE-2023-4985	A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901. Affected is an unknown function of the file Project.xml. The manipulation leads to improper authentication. An attack has to b...	None	7.8
CVE-2023-4984	A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file /api/es/admin/v3/security/user/1. The manipulation leads to unprotected...	None	6.5
CVE-2023-4983	A vulnerability was found in app1pro Shopicial up to 20230830. It has been declared as problematic. This vulnerability affects unknown code of the file search. The manipulation of the argument from with the input comment...	None	6.1
CVE-2023-4982	Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0.	None	5.4
CVE-2023-4981	Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.	None	5.4
CVE-2023-4980	Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0.	None	5.4
CVE-2023-4979	Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0.	None	5.4
CVE-2023-4978	Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.	None	6.1
CVE-2023-4977	Code Injection in GitHub repository librenms/librenms prior to 23.9.0.	None	5.4
CVE-2023-4974	A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation...	None	9.8
CVE-2023-4973	A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Ha...	None	6.1
CVE-2023-4972	Improper Privilege Management vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users.This issue affects .	None	9.8
CVE-2023-4965	A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads ...	None	4.8
CVE-2023-4963	The WS Facebook Like Box Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ws-facebook-likebox' shortcode in versions up to, and including, 5.0 due to insufficient input sanitiza...	None	5.4
CVE-2023-4959	A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The c...	None	6.5
CVE-2023-4951	A cross site scripting issue was discovered with the pagination function on the "Client-based Authentication Policy Configuration" screen of the GreenRADIUS web admin interface. This issue is found in GreenRADIUS v5.1.1....	None	4.8
CVE-2023-4948	The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_cvr_data AJAX action in versions up to 6.1.0. This makes ...	None	4.3
CVE-2023-4945	The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in versions up to, and including, 7.1.0 due to insufficient input sanitization and output escaping on ...	None	5.4
CVE-2023-4944	The Awesome Weather Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input sanitization an...	None	5.4

HPI-VDB — Database for IT-Attack Analysis