CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2023-3536
Low

A vulnerability was found in SimplePHPscripts Funeral Script PHP 3.1, rated as problematic. It affects some unknown functionality of the file /preview.php of the URL Parameter Handler component, leading to cross site scripting attacks.

CVE-2023-3535
Low

A vulnerability was found in SimplePHPscripts FAQ Script PHP 2.3, affecting an unknown functionality of the file /preview.php in the URL Parameter Handler component. The manipulation leads to cross site scripting.

CVE-2023-3506
Low

A vulnerability was found in Active It Zone Active eCommerce CMS version 6.5.0, allowing cross-site scripting (XSS) attacks through manipulation of the 'details' argument in the /ecommerce/support_ticket file. Inputting the script <script>alert(1)</script> can lead to unauthorized code execution.

CVE-2023-3505
Low

A vulnerability was found in Onest CRM 1.0, classified as problematic. It affects an unknown part of the file /admin/project/update/2 of the component Project List Handler, where manipulation of the argument name with the input <script>alert(1)</script> leads to cross-site scripting.

CVE-2023-34450
Low

CometBFT has a deadlock issue caused by a modification in the serialization of the `PeerState` structure to JSON in versions 0.34.28 and 0.37.1. The deadlock can occur when calling the MarshallJSON function, leading to node halting or blocking one of the communication channels when invoking the RPC `dump_consensus_state`.

CVE-2023-3485
Low

Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allow an attacker to craft a task token with access to a namespace other than the one specified in the request. This requires the namespace UUID and information from the workflow history for the target namespace.

CVE-2023-3477
Low

A vulnerability was found in RocketSoft Rocket LMS 1.7 affecting unknown code in the /contact/store file of the Contact Form component. Manipulation of the arguments name/subject/message leads to cross site scripting.

CVE-2023-3476
Low

A vulnerability was found in SimplePHPscripts GuestBook Script 2.2, classified as problematic. It affects an unknown part of the file preview.php of the component URL Parameter Handler, leading to cross-site scripting attacks.

CVE-2023-3475
Low

A vulnerability was found in SimplePHPscripts Event Script 2.1, affecting some unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting.

CVE-2023-3474
Low

A vulnerability has been found in SimplePHPscripts Simple Blog 3.2, affecting an unknown functionality of the file preview.php in the URL Parameter Handler component. The manipulation leads to cross site scripting.

CVE-2023-3465
Low

A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8, affecting an unknown functionality of the file user.php of the HTTP POST Request Handler component. Manipulation of the argument title leads to cross-site scripting.

CVE-2023-3464
Low

A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8, classified as problematic. Manipulation of the argument 'p' in the /preview.php file leads to cross-site scripting.

CVE-2023-3436
Low

Xpdf version 4.04 can deadlock when processing a PDF object stream whose 'Length' field is in another object stream.

CVE-2023-35930
Low

SpiceDB, a Google Zanzibar-inspired database system, has an issue with negative authorization decisions using the `LookupResources` request in version 1.22.0. Users may incorrectly gain access to resources that should be blocked.

CVE-2023-35931
Low

Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.

CVE-2023-3303
Low

Improper access control exists in the GitHub repository admidio/admidio prior to version 4.2.9.

CVE-2023-3382
Low

A vulnerability classified as problematic has been found in SourceCodester Game Result Matrix System 1.0. Manipulation of the argument del_name in the file /dipam/save-delegates.php leads to cross site scripting.

CVE-2023-3381
Low

A vulnerability was found in SourceCodester Online School Fees System 1.0 that allows cross-site scripting (XSS) attacks through manipulation of the doj parameter in the /paysystem/datatable.php file. The attack can be launched remotely.

CVE-2023-34110
Low

Flask-AppBuilder is an application development framework that prior to version 4.3.2 had a vulnerability allowing an authenticated attacker with Admin privileges to trigger a database error by adding a special character in the add or edit User forms. This error could expose the entire user row, including the pbkdf2:sha256 hashed password.

CVE-2023-3318
Low

A vulnerability was found in SourceCodester Resort Management System 1.0 that leads to cross-site scripting (XSS) attacks through manipulation of the 'page' argument. The attack can be launched remotely.

PreviousPage 32 of 61Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS