CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 181200 / 395
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2023-43722 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_groups_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-30 2026-06-17
CVE-2023-43723 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-30 2026-06-17
CVE-2023-43724 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription[1][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-30 2026-06-17
CVE-2023-43725 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_products_status_name_long[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-30 2026-06-17
CVE-2023-43726 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_products_status_manual_name_long[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-30 2026-06-17
CVE-2023-43727 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "stock_indication_text[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-30 2026-06-17
CVE-2023-43728 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "stock_delivery_terms_text[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-30 2026-06-17
CVE-2023-43729 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "xsell_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-30 2026-06-17
CVE-2023-43730 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "countries_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-30 2026-06-17
CVE-2023-43731 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "zone_name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-30 2026-06-17
CVE-2023-43732 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tax_class_title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-30 2026-06-17
CVE-2023-43733 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "company_address" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-30 2026-06-17
CVE-2023-43734 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-30 2026-06-17
CVE-2023-43735 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "formats_titles[7]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-30 2026-06-17
CVE-2023-43739 The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.80% 2023-09-28 2026-06-17
CVE-2023-43740 Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. 8.8 1.21% 2023-09-28 2026-06-17
CVE-2023-44163 The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.80% 2023-09-28 2026-06-17
CVE-2023-44164 The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.80% 2023-09-28 2026-06-17
CVE-2023-44166 The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.80% 2023-09-28 2026-06-17
CVE-2023-44173 Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability. 5.4 0.34% 2023-09-28 2026-06-17
cvelogic Threat Intelligence