Total
2927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6556 | 1 Opennms | 1 Opennms | 2024-11-21 | 4.3 MEDIUM | 7.1 HIGH |
| OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016. | |||||
| CVE-2016-6555 | 1 Opennms | 1 Opennms | 2024-11-21 | 4.3 MEDIUM | 7.1 HIGH |
| OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016. | |||||
| CVE-2014-6447 | 1 Juniper | 1 Junos | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1. | |||||
| CVE-2013-6364 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book | |||||
| CVE-2013-4225 | 1 Restful Web Services Project | 1 Restful Web Services | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field. | |||||
| CVE-2024-50522 | 2024-11-19 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Redy Ru WeChat Subscribers Lite allows Reflected XSS.This issue affects WeChat Subscribers Lite : from n/a through 1.6.6. | |||||
| CVE-2024-52418 | 2024-11-19 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CactusThemes Gameplan allows Reflected XSS.This issue affects Gameplan: from n/a through 1.5.10. | |||||
| CVE-2024-50519 | 2024-11-19 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visser Labs Jigoshop – Store Exporter allows Reflected XSS.This issue affects Jigoshop – Store Exporter: from n/a through 1.5.8. | |||||
| CVE-2024-50532 | 2024-11-19 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jerin K Alexander Events Manager Pro – extended allows Reflected XSS.This issue affects Events Manager Pro – extended: from n/a through 0.1. | |||||
| CVE-2024-52417 | 2024-11-19 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BoldThemes ReConstruction allows Reflected XSS.This issue affects ReConstruction: from n/a through 1.4.7. | |||||
| CVE-2024-45594 | 2024-11-15 | N/A | 7.7 HIGH | ||
| Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0. | |||||
| CVE-2024-52552 | 2024-11-15 | N/A | 8.0 HIGH | ||
| Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with JavaScript on the Authorization view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2024-45254 | 2024-11-15 | N/A | 7.5 HIGH | ||
| VaeMendis - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2024-51694 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Digfish Geotagged Media allows Reflected XSS.This issue affects Geotagged Media: from n/a through 0.3.0. | |||||
| CVE-2024-10676 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wojciech Borowicz Conversion Helper allows Reflected XSS.This issue affects Conversion Helper: from n/a through 1.12. | |||||
| CVE-2024-51710 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Minerva Infotech Responsive Data Table allows Reflected XSS.This issue affects Responsive Data Table: from n/a through 1.3. | |||||
| CVE-2024-51708 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Narnoo Wordpress developer Narnoo Commerce Manager allows Reflected XSS.This issue affects Narnoo Commerce Manager: from n/a through 1.6.0. | |||||
| CVE-2024-51689 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tobias Conrad CF7 WOW Styler allows Reflected XSS.This issue affects CF7 WOW Styler: from n/a through 1.6.8. | |||||
| CVE-2024-51695 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fabrica Fabrica Synced Pattern Instances allows Reflected XSS.This issue affects Fabrica Synced Pattern Instances: from n/a through 1.0.8. | |||||
| CVE-2024-51690 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Neelam Samariya Thakor Wp Slide Categorywise allows Reflected XSS.This issue affects Wp Slide Categorywise: from n/a through 1.1. | |||||