CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2023-3970
Low

A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.0 that allows cross site scripting (XSS) attacks through manipulation of the img argument in the file /index.php?controller=GzUser&action=edit&id=1. The attack can be initiated remotely.

CVE-2023-3969
Low

A vulnerability has been found in GZ Scripts Availability Booking Calendar PHP 1.0 that allows cross site scripting (XSS) attacks through manipulation of the promo_code argument in the index.php file. The attack can be launched remotely.

CVE-2023-33229
LowEPSS 51%

The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML.

CVE-2023-3947
Low

The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and including, 4.2.1. This allows unauthenticated attackers to decrypt and view the meeting id and password.

CVE-2023-3945
Low

A vulnerability was found in phpscriptpoint Lawyer 1.6, classified as problematic. It affects an unknown part of the file search.php and leads to cross site scripting.

CVE-2023-38499
LowEPSS 54%

TYPO3 is a PHP-based content management system that had a vulnerability in versions from 9.4.0 to 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, allowing out-of-scope access to content in multi-site scenarios. This enabled visitors to access internal site content by manipulating HTTP query parameters in the URL.

CVE-2023-3944
Low

A vulnerability was found in phpscriptpoint Lawyer 1.6, affecting some unknown functionality of the file page.php. The manipulation leads to cross site scripting (XSS) attacks that can be launched remotely.

CVE-2023-3890
Low

A vulnerability has been found in Campcodes Beauty Salon Management System 1.0 that allows cross site scripting via manipulation of the id argument in the /admin/edit-accepted-appointment.php file. The attack can be initiated remotely.

CVE-2023-3888
Low

A vulnerability was found in Campcodes Beauty Salon Management System 1.0 that allows cross-site scripting (XSS) attacks through manipulation of the adminname argument in the /admin/admin-profile.php file.

CVE-2023-3887
Low

A vulnerability was found in Campcodes Beauty Salon Management System 1.0 that allows cross site scripting (XSS) attacks through manipulation of the searchdata argument in the /admin/search-appointment.php file. The attack can be launched remotely.

CVE-2023-3886
Low

A vulnerability was found in Campcodes Beauty Salon Management System 1.0 that allows cross-site scripting (XSS) attacks through manipulation of the inv_id argument in the /admin/invoice.php file.

CVE-2023-3885
Low

A vulnerability was found in Campcodes Beauty Salon Management System 1.0 that allows cross site scripting attacks through manipulation of the id argument in the /admin/edit_category.php file.

CVE-2023-3884
Low

A vulnerability has been found in Campcodes Beauty Salon Management System 1.0, allowing cross site scripting through manipulation of the id argument in the /admin/edit_product.php file. The attack can be initiated remotely.

CVE-2023-3883
Low

A vulnerability classified as problematic was found in Campcodes Beauty Salon Management System 1.0. Manipulation of the 'name' argument in the /admin/add-category.php file leads to cross site scripting.

CVE-2023-37361
Low

REDCap versions 12.0.26 LTS and 12.3.2 Standard allow SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.

CVE-2023-3748
Low

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages, leading to an infinite loop and causing a denial of service.

CVE-2023-3862
Low

A vulnerability was found in Travelmate Travelable Trek Management Solution 1.0 in the Comment Box Handler functionality, allowing for cross-site scripting (XSS) attacks through manipulation of the comment argument. The attack may be launched remotely, but its exploitation is complex.

CVE-2023-3861
Low

A vulnerability was found in phpscriptpoint Insurance 1.2, affecting an unknown functionality of the file /search.php. The manipulation leads to cross site scripting (XSS) attacks.

CVE-2023-3860
Low

A vulnerability was found in phpscriptpoint Insurance 1.2, classified as problematic. It affects an unknown function of the file /page.php, leading to cross site scripting attacks.

CVE-2023-3858
Low

A vulnerability has been found in phpscriptpoint Car Listing version 1.6, affecting unknown code in the /search.php file. Manipulation of the argument country/state/city leads to cross site scripting.

PreviousPage 27 of 62Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS