CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2023-3835
Low

A vulnerability has been found in Bug Finder MineStack 1.0 that allows cross site scripting (XSS) attacks through manipulation of the 'message' argument in the /user/ticket/create file of the Ticket Handler component.

CVE-2023-3834
Low

A vulnerability was found in Bug Finder EX-RATE 1.0, rated as problematic. It affects some unknown functionality of the file /user/ticket/create of the Ticket Handler component, where manipulation of the argument message leads to cross site scripting.

CVE-2023-3833
Low

A vulnerability was found in Bug Finder Montage 1.0, affecting an unknown functionality of the file /user/ticket/create in the Ticket Handler component. Manipulation of the argument message leads to cross site scripting.

CVE-2023-3832
Low

A vulnerability was found in Bug Finder Wedding Wonders 1.0, classified as problematic. It affects an unknown function of the file /user/ticket/create of the component Ticket Handler, where manipulation of the argument message leads to cross site scripting.

CVE-2023-3831
Low

A vulnerability was found in Bug Finder Finounce 1.0 affecting unknown processing of the file /user/ticket/create in the Ticket Handler component. Manipulation of the argument message leads to cross site scripting.

CVE-2023-3830
Low

A vulnerability was found in Bug Finder SASS BILLER 1.0, rated as problematic. This issue affects some unknown processing of the file /company/store, leading to cross-site scripting attacks.

CVE-2023-3829
Low

A vulnerability was found in Bug Finder ICOGenie 1.0 affecting unknown code in the /user/ticket/create file of the Support Ticket Handler component. Manipulation of the message argument leads to cross site scripting.

CVE-2023-3828
Low

A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0, classified as problematic. It affects an unknown part of the file /listplace/user/coverPhotoUpdate of the Photo Handler component, where manipulation of the argument user_cover_photo leads to cross site scripting.

CVE-2023-3827
Low

A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0, affecting some unknown functionality of the file /listplace/user/ticket/create in the HTTP POST Request Handler component. Manipulation of the argument message leads to cross-site scripting.

CVE-2023-3247
Low

In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, and 8.2.* before 8.2.7, when using SOAP HTTP Digest Authentication, the random value generator was not checked for failure and was using a narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server.

CVE-2023-3603
LowEPSS 51%

A missing allocation check in the SFTP server processing read requests may lead to a NULL dereference under low memory conditions. A malicious client can request up to 4GB SFTP reads, potentially causing allocation of up to 4GB buffers without error checking.

CVE-2023-3815
Low

A vulnerability has been found in y_project RuoYi up to version 4.7.7, affecting the uploadFilesPath function of the File Upload component. Manipulation of the originalFilenames argument leads to cross site scripting.

CVE-2023-3803
Low

A vulnerability has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 affecting an unknown part of the file /Service/ImageStationDataService.asmx. Manipulation of this part leads to insufficiently random values.

CVE-2023-3800
Low

A vulnerability was found in EasyAdmin8 version 2.0.2.2 that allows unrestricted file uploads. The issue affects an unknown function in the file /admin/index/index.html#/admin/mall.goods/index.html of the File Upload Module.

CVE-2023-3794
Low

A vulnerability has been found in the ChainCity Real Estate investment platform version 1.0 that allows cross site scripting attacks through manipulation of the 'subject' argument in the file /chaincity/user/ticket/create. The attack can be executed remotely.

CVE-2023-3790
Low

A vulnerability has been found in Boom CMS version 8.0.7 affecting the add function of the assets-manager component. Manipulation of the title/description arguments leads to cross site scripting attacks.

CVE-2023-3789
Low

A vulnerability was found in PaulPrinting CMS 2018 that allows cross site scripting (XSS) attacks by manipulating the argument 's' in the /account/delivery file of the Search component. The attack can be executed remotely.

CVE-2023-3788
Low

A vulnerability has been found in ActiveITzone Active Super Shop CMS 2.5 that allows cross site scripting (XSS) attacks through manipulation of the arguments name, phone, and address on the Manage Details Page. The attack can be initiated remotely.

CVE-2023-3787
Low

A vulnerability was found in Codecanyon Tiva Events Calender 1.4 that allows cross site scripting attacks through manipulation of the argument name. The attack can be initiated remotely.

CVE-2023-3785
Low

A vulnerability was found in PaulPrinting CMS 2018, rated as problematic. Manipulation of the arguments firstname/lastname/address/city/state leads to cross-site scripting attacks.

PreviousPage 30 of 63Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS