Total
28741 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-6748 | 2 Debian, Jsoup | 2 Debian Linux, Jsoup | 2024-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. | |||||
CVE-2023-51800 | | | 2024-08-16 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in School Fees Management System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the main_settings component in the phone, address, bank, acc_name, acc_number parameters, new_class and cname parameter, add_new_parent function in the name email parameters, new_term function in the tname parameter, and the edit_student function in the name parameter. | |||||
CVE-2017-9441 | 1 Bigtreecms | 1 Bigtree Cms | 2024-08-16 | 3.5 LOW | 2.7 LOW |
** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title or (2) version or (3) author_name parameter in manifest.json. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files." | |||||
CVE-2024-21731 | 1 Joomla | 1 Joomla! | 2024-08-16 | N/A | 6.1 MEDIUM |
Improper handling of input could lead to an XSS vector in the StringHelper::truncate method. | |||||
CVE-2024-21729 | 1 Joomla | 1 Joomla! | 2024-08-16 | N/A | 6.1 MEDIUM |
Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field. | |||||
CVE-2024-21730 | 1 Joomla | 1 Joomla! | 2024-08-16 | N/A | 5.4 MEDIUM |
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector. | |||||
CVE-2024-28623 | | | 2024-08-15 | N/A | 6.1 MEDIUM |
RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component main_menu/edit_section. | |||||
CVE-2024-27680 | | | 2024-08-15 | N/A | 6.1 MEDIUM |
Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the "Contact form." | |||||
CVE-2024-26542 | | | 2024-08-15 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field. | |||||
CVE-2024-25875 | | | 2024-08-15 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field. | |||||
CVE-2024-25438 | | | 2024-08-15 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function. | |||||
CVE-2024-25327 | | | 2024-08-15 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Justice Systems FullCourt Enterprise v.8.2 allows a remote attacker to execute arbitrary code via the formatCaseNumber parameter of the Citation search function. | |||||
CVE-2024-25175 | | | 2024-08-15 | N/A | 6.1 MEDIUM |
An issue in Kickdler before v1.107.0 allows attackers to provide an XSS payload via an HTTP response splitting attack. | |||||
CVE-2024-24512 | | | 2024-08-15 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component. | |||||
CVE-2024-24035 | | | 2024-08-15 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Setor Informatica SIL 3.1 allows attackers to run arbitrary code via the hmessage parameter. | |||||
CVE-2023-49974 | | | 2024-08-15 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customer_support/index.php?page=customer_list. | |||||
CVE-2024-29471 | 1 Zhyd | 1 Oneblog | 2024-08-15 | N/A | 5.4 MEDIUM |
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module. | |||||
CVE-2024-29374 | | | 2024-08-15 | N/A | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3.10.9 handles user input within the "GET /?lang=" URL parameter. | |||||
CVE-2024-28683 | | | 2024-08-15 | N/A | 6.1 MEDIUM |
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file. | |||||
CVE-2024-28680 | | | 2024-08-15 | N/A | 6.1 MEDIUM |
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php. |