Total
28737 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25503 | 2024-08-19 | N/A | 4.7 MEDIUM | ||
| Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17.0.9 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the edit details parameter of the New Project function. | |||||
| CVE-2024-24156 | 2024-08-19 | N/A | 6.1 MEDIUM | ||
| Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before Github commit 58c737a263ac0c523592fd87ff71b9e3c07d7cf5, allows remote attackers execute arbitrary code via the wr_content parameter. | |||||
| CVE-2023-40277 | 2024-08-19 | N/A | 6.1 MEDIUM | ||
| An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the login.jsp message parameter. | |||||
| CVE-2022-25037 | 2024-08-19 | N/A | 5.4 MEDIUM | ||
| An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function. | |||||
| CVE-2024-6182 | 1 Labvantage | 1 Labvantage Lims | 2024-08-19 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue affects some unknown processing of the file /labvantage/rc?command=page&page=LV_ViewSampleSpec&oosonly=Y&_sdialog=Y. The manipulation of the argument sdcid/keyid1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269153 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-6181 | 1 Labvantage | 1 Labvantage Lims | 2024-08-19 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp&size=32. The manipulation of the argument height/width leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269152. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-43006 | 2024-08-19 | N/A | 5.4 MEDIUM | ||
| A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/ask_edit.php?action=add, which includes malicious JavaScript code in the 'content' parameter. When a user visits the ask/show_{newsid}.html page, the injected script is executed in the context of the user's browser, leading to potential theft of cookies, session tokens, or other sensitive information. | |||||
| CVE-2024-43005 | 2024-08-19 | N/A | 4.7 MEDIUM | ||
| A reflected cross-site scripting (XSS) vulnerability in the component dl_liuyan_save.php of ZZCMS v2023 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | |||||
| CVE-2024-42758 | 2024-08-19 | N/A | 5.4 MEDIUM | ||
| A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki (Open Source Wiki Engine). A malicious attacker can input XSS payloads for example when creating or editing existing page, to trigger the XSS on Dokuwiki, which is then stored in .txt file (due to nature of how Dokuwiki is designed), which presents stored XSS. | |||||
| CVE-2024-7815 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2024-08-19 | 3.3 LOW | 4.8 MEDIUM |
| A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin-update-employee.php of the component Update Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7814 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2024-08-19 | 3.3 LOW | 4.8 MEDIUM |
| A vulnerability, which was classified as problematic, was found in CodeAstro Online Railway Reservation System 1.0. Affected is an unknown function of the file /admin/admin-add-employee.php of the component Add Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7812 | 1 Mayurik | 1 Best House Rental Management System | 2024-08-19 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in SourceCodester Best House Rental Management System 1.0. This vulnerability affects unknown code of the file /rental_0/rental/ajax.php?action=save_tenant of the component POST Parameter Handler. The manipulation of the argument lastname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-6533 | 1 Monospace | 1 Directus | 2024-08-19 | N/A | 5.4 MEDIUM |
| Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with CVE-2024-6534, it could result in account takeover. | |||||
| CVE-2024-7752 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2024-08-19 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /update_medicine.php. The manipulation of the argument medicine_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-35345 | 2024-08-19 | N/A | 5.4 MEDIUM | ||
| A vulnerability has been discovered in DiƱo Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /classes/Users.php. Manipulating the argument id results in cross-site scripting. | |||||
| CVE-2024-7008 | 1 Calibre-ebook | 1 Calibre | 2024-08-19 | N/A | 6.1 MEDIUM |
| Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting. | |||||
| CVE-2024-7793 | 1 Rems | 1 Task Progress Tracker | 2024-08-19 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in SourceCodester Task Progress Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-task.php. The manipulation of the argument task_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7914 | 1 Oretnom23 | 1 Yoga Class Registration System | 2024-08-19 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability classified as problematic has been found in SourceCodester Yoga Class Registration System 1.0. Affected is an unknown function of the file /php-ycrs/classes/SystemSettings.php. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-42678 | 1 Cysoft168 | 1 Super Easy Enterprise Management System | 2024-08-19 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /WebSet/DlgGridSet.html component. | |||||
| CVE-2022-45176 | 1 Liveboxcloud | 1 Vdesk | 2024-08-19 | N/A | 5.4 MEDIUM |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (through its vShare functionality section) doesn't properly check parameters, sent in HTTP requests as input, before saving them on the server. In addition, crafted JavaScript content can then be reflected back to the end user and executed by the web browser. | |||||