Total: 28754 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-46935 | 1 Eyoucms | 1 Eyoucms | 2024-08-10 | N/A | 5.4 MEDIUM |
eyoucms v1.6.4 is vulnerable to Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users. | |||||
CVE-2023-40809 | 1 Opencrx | 1 Opencrx | 2024-08-10 | N/A | 6.1 MEDIUM |
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number. | |||||
CVE-2024-4616 | 1 Devnath Verma | 1 Widget Bundle | 2024-08-09 | N/A | 6.1 MEDIUM |
The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. | |||||
CVE-2024-2404 | 1 Utopique | 1 Better Comments | 2024-08-09 | N/A | 5.4 MEDIUM |
The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2024-7359 | 1 Oretnom23 | 1 Tracking Monitoring Management System | 2024-08-09 | 4.0 MEDIUM | 6.1 MEDIUM |
A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_establishment. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273338 is the identifier assigned to this vulnerability. | |||||
CVE-2024-6930 | 1 Wpbookingcalendar | 1 Booking Calendar | 2024-08-08 | N/A | 5.4 MEDIUM |
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-6896 | 1 Ampforwp | 1 Accelerated Mobile Pages | 2024-08-08 | N/A | 5.4 MEDIUM |
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.96.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | |||||
CVE-2024-6706 | 2 Debian, Openwebui | 2 Debian Linux, Open Webui | 2024-08-08 | N/A | 6.1 MEDIUM |
Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page. | |||||
CVE-2024-41239 | 1 Lopalopa | 1 Responsive School Management System | 2024-08-08 | N/A | 4.8 MEDIUM |
A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/add_class_submit.php" in Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "class_name" parameter field. | |||||
CVE-2024-37888 | 1 Mlewand | 1 Open Link | 2024-08-08 | N/A | 6.1 MEDIUM |
Open Link is a CKEditor plugin that extends the context menu with the option to open a link in a new tab. The vulnerability allowed execution of JavaScript code by abusing the link href attribute. It affects all users using the Open Link plugin at version < 1.0.5. | |||||
CVE-2024-34230 | | | 2024-08-08 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter. | |||||
CVE-2024-41242 | 1 Lopalopa | 1 Responsive School Management System | 2024-08-08 | N/A | 6.1 MEDIUM |
A Reflected Cross Site Scripting (XSS) vulnerability was found in /smsa/student_login.php in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter. | |||||
CVE-2024-36397 | 1 Vantiva | 2 Mediaaccess Dga2232, Mediaaccess Dga2232 Firmware | 2024-08-08 | N/A | 6.1 MEDIUM |
Vantiva - MediaAccess DGA2232 v19.4 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2024-34312 | 1 Moodle | 1 Virtual Programming Lab | 2024-08-08 | N/A | 6.1 MEDIUM |
Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js. | |||||
CVE-2023-27636 | 1 Progress | 1 Sitefinity | 2024-08-08 | N/A | 5.4 MEDIUM |
Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor. | |||||
CVE-2024-7284 | 1 Oretnom23 | 1 Lot Reservation Management System | 2024-08-08 | 4.0 MEDIUM | 5.4 MEDIUM |
A vulnerability, which was classified as problematic, was found in SourceCodester Lot Reservation Management System 1.0. This affects an unknown part of the file /admin/ajax.php?action=save_settings. The manipulation of the argument about leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273153 was assigned to this vulnerability. | |||||
CVE-2024-5668 | | | 2024-08-08 | N/A | 6.4 MEDIUM |
The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-5226 | | | 2024-08-08 | N/A | 6.4 MEDIUM |
The Fuse Social Floating Sidebar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the file upload functionality in all versions up to, and including, 5.4.10 due to insufficient validation of SVG files. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2003-5003 | 1 Ibm | 1 Iss Blackice Pc Protection | 2024-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2005-4161 | 1 Milliscripts | 1 Milliscripts | 2024-08-08 | 4.3 MEDIUM | N/A |
** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in MilliScripts 1.4 redirect script allow remote attackers to inject arbitrary web script or HTML via the domainname parameter to register.php, and other unspecified vectors. NOTE: the vendor has disputed this issue, stating "No invalid input can reach the script." |