Total: 28759 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-41705 | 1 Archerirm | 1 Archer | 2024-08-01 | N/A | 5.4 MEDIUM |
A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14.P4 (6.14.0.4) and 6.13 P4 (6.13.0.4) are also fixed releases. This vulnerability is similar to, but not identical to, CVE-2023-30639. | |||||
CVE-2024-41640 | | | 2024-08-01 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in AML Surety Eco up to 3.5 allows an attacker to run arbitrary code via crafted GET request using the id parameter. | |||||
CVE-2024-41375 | | | 2024-08-01 | N/A | 6.1 MEDIUM |
ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/terminal-xhr.php | |||||
CVE-2024-41374 | | | 2024-08-01 | N/A | 6.1 MEDIUM |
ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php | |||||
CVE-2024-41357 | | | 2024-08-01 | N/A | 7.1 HIGH |
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php. | |||||
CVE-2024-41356 | | | 2024-08-01 | N/A | 4.7 MEDIUM |
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\firewall-zones\zones-edit-network.php. | |||||
CVE-2024-41355 | | | 2024-08-01 | N/A | 6.5 MEDIUM |
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php. | |||||
CVE-2024-41354 | | | 2024-08-01 | N/A | 7.1 HIGH |
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/widgets/edit.php | |||||
CVE-2024-41353 | | | 2024-08-01 | N/A | 7.1 HIGH |
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php | |||||
CVE-2024-40741 | 1 Netbox | 1 Netbox | 2024-08-01 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/{id}/edit/. | |||||
CVE-2024-40738 | 1 Netbox | 1 Netbox | 2024-08-01 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/{id}/edit/. | |||||
CVE-2024-40732 | 1 Netbox | 1 Netbox | 2024-08-01 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/add/. | |||||
CVE-2024-40729 | 1 Netbox | 1 Netbox | 2024-08-01 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/add/. | |||||
CVE-2024-40728 | 1 Netbox | 1 Netbox | 2024-08-01 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/{id}/edit/. | |||||
CVE-2024-40576 | | | 2024-08-01 | N/A | 4.7 MEDIUM |
Cross Site Scripting vulnerability in Best House Rental Management System 1.0 allows a remote attacker to execute arbitrary code via the "House No" and "Description" parameters in the houses page at the index.php component. | |||||
CVE-2024-40492 | | | 2024-08-01 | N/A | 7.1 HIGH |
Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a remote attacker to execute arbitrary code via the setname function. | |||||
CVE-2024-3978 | 1 Andrewabarber | 1 Wordpress Jitsi Shortcode | 2024-08-01 | N/A | 5.4 MEDIUM |
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2024-3977 | 1 Andrewabarber | 1 Wordpress Jitsi Shortcode | 2024-08-01 | N/A | 4.8 MEDIUM |
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). | |||||
CVE-2024-3111 | 1 H5p | 1 H5p | 2024-08-01 | N/A | 5.4 MEDIUM |
The Interactive Content WordPress plugin before 1.15.8 does not validate uploads, which could allow Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues. | |||||
CVE-2024-39863 | 1 Apache | 1 Airflow | 2024-08-01 | N/A | 5.4 MEDIUM |
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue. |