Total
28737 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-43317 | | | 2024-08-20 | N/A | 4.3 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Metagauss User Registration Team RegistrationMagic allows Cross-Site Scripting (XSS). This issue affects RegistrationMagic: from n/a through 6.0.1.0. | |||||
CVE-2024-35592 | | | 2024-08-20 | N/A | 9.6 CRITICAL |
An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a crafted PDF file. | |||||
CVE-2024-35582 | | | 2024-08-20 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Department input field. | |||||
CVE-2024-34240 | | | 2024-08-20 | N/A | 6.1 MEDIUM |
QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting (XSS) resulting in arbitrary code execution in admin functions related to adding or updating records. | |||||
CVE-2024-6578 | 1 Aimstack | 1 Aim | 2024-08-20 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the `dangerouslySetInnerHTML` function in React, which is susceptible to XSS attacks. An attacker can exploit this vulnerability by injecting malicious scripts into the logs, which will be executed when a user views the logs-tab. | |||||
CVE-2024-27728 | | | 2024-08-20 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature. | |||||
CVE-2024-5062 | 1 Zenml | 1 Zenml | 2024-08-20 | N/A | 6.1 MEDIUM |
A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a specified URL after completing a survey, without proper validation of the 'redirect' parameter. Consequently, an attacker can execute arbitrary JavaScript code in the context of the user's browser session. This vulnerability could be exploited to steal cookies, potentially leading to account takeover. | |||||
CVE-2024-28795 | 1 Ibm | 1 Infosphere Information Server | 2024-08-20 | N/A | 5.4 MEDIUM |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286832. | |||||
CVE-2024-7686 | 1 Mayurik | 1 Advocate Office Management System | 2024-08-20 | 4.0 MEDIUM | 5.4 MEDIUM |
A vulnerability, which was classified as problematic, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This affects an unknown part of the file register_case.php. The manipulation of the argument title/description/opposite_lawyer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-7685 | 1 Mayurik | 1 Advocate Office Management System | 2024-08-20 | 4.0 MEDIUM | 5.4 MEDIUM |
A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file adds.php. The manipulation of the argument name/dob/email/mobile/address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-7684 | 1 Mayurik | 1 Advocate Office Management System | 2024-08-20 | 4.0 MEDIUM | 5.4 MEDIUM |
A vulnerability classified as problematic was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add_act.php. The manipulation of the argument aname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-7683 | 1 Mayurik | 1 Advocate Office Management System | 2024-08-20 | 4.0 MEDIUM | 5.4 MEDIUM |
A vulnerability classified as problematic has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file addcase_stage.php. The manipulation of the argument cname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-43810 | 1 Jetbrains | 1 Teamcity | 2024-08-19 | N/A | 5.4 MEDIUM |
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin | |||||
CVE-2024-43809 | 1 Jetbrains | 1 Teamcity | 2024-08-19 | N/A | 6.1 MEDIUM |
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page | |||||
CVE-2024-43808 | 1 Jetbrains | 1 Teamcity | 2024-08-19 | N/A | 5.4 MEDIUM |
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin | |||||
CVE-2024-43807 | 1 Jetbrains | 1 Teamcity | 2024-08-19 | N/A | 5.4 MEDIUM |
In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page | |||||
CVE-2024-5933 | 1 Lollms | 1 Lollms Webui | 2024-08-19 | N/A | 5.4 MEDIUM |
A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser. | |||||
CVE-2024-39242 | 1 Skycaiji | 1 Skycaiji | 2024-08-19 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode()). | |||||
CVE-2024-39241 | 1 Skycaiji | 1 Skycaiji | 2024-08-19 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows attackers to run arbitrary code via /admin/tool/preview. | |||||
CVE-2024-28089 | | | 2024-08-19 | N/A | 5.2 MEDIUM |
Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity (who has access to the router admin panel) to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.html#advanced_location (aka the Device Location page). This can cause a denial of service or lead to information disclosure. |