Total
28765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28671 | 2024-08-01 | N/A | 8.8 HIGH | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/stepselect_main.php. | |||||
| CVE-2024-28402 | 2024-08-01 | N/A | 5.9 MEDIUM | ||
| TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. | |||||
| CVE-2024-28157 | 2024-08-01 | N/A | 8.0 HIGH | ||
| Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. | |||||
| CVE-2024-27558 | 2024-08-01 | N/A | 6.1 MEDIUM | ||
| Stupid Simple CMS 1.2.4 is vulnerable to Cross Site Scripting (XSS) within the blog title of the settings. | |||||
| CVE-2024-27499 | 2024-08-01 | N/A | 6.5 MEDIUM | ||
| Bagisto v1.5.1 is vulnerable for Cross site scripting(XSS) via png file upload vulnerability in product review option. | |||||
| CVE-2024-25506 | 2024-08-01 | N/A | 6.5 MEDIUM | ||
| Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker before 4.0 allows a remote attacker to run arbitrary code via control of the pm_sys_sys cookie. | |||||
| CVE-2024-25219 | 1 Task Manager In Php With Source Code Project | 1 Task Manager In Php With Source Code | 2024-08-01 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter /TaskManager/Task.php. | |||||
| CVE-2024-25208 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-08-01 | N/A | 5.4 MEDIUM |
| Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerabiity allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name parameter. | |||||
| CVE-2024-23997 | 1 Lukasbach | 1 Yana | 2024-08-01 | N/A | 9.6 CRITICAL |
| Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts. | |||||
| CVE-2024-23995 | 2024-08-01 | N/A | 6.1 MEDIUM | ||
| Cross Site Scripting (XSS) in Beekeeper Studio 4.1.13 and earlier allows remote attackers to execute arbitrary code in the column name of a database table in tabulator-popup-container. | |||||
| CVE-2024-22444 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2024-08-01 | N/A | 6.1 MEDIUM |
| A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victims browser in the context of the affected interface. | |||||
| CVE-2024-1660 | 2024-08-01 | N/A | 4.8 MEDIUM | ||
| The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-44855 | 2024-08-01 | N/A | 6.5 MEDIUM | ||
| Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub_219C4 function in the acu_web file. | |||||
| CVE-2023-37539 | 1 Hcltech | 1 Domino | 2024-08-01 | N/A | 5.4 MEDIUM |
| The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it. | |||||
| CVE-2020-27478 | 2024-08-01 | N/A | 7.1 HIGH | ||
| Cross Site Scripting vulnerability found in Simplcommerce v.40734964b0811f3cbaf64b6dac261683d256f961 thru 3103357200c70b4767986544e01b19dbf11505a7 allows a remote attacker to execute arbitrary code via a crafted script to the search bar feature. | |||||
| CVE-2024-6208 | 2024-08-01 | N/A | 6.4 MEDIUM | ||
| The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_all_packages' shortcode in all versions up to, and including, 3.2.97 due to insufficient input sanitization and output escaping on the 'cols' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-41953 | 2024-08-01 | N/A | 4.3 MEDIUM | ||
| Zitadel is an open source identity management system. ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to a missing output sanitization, these emails could include malicious code. This may potentially lead to a threat where an attacker, without privileges, could send out altered notifications that are part of the registration processes. An attacker could create a malicious link, where the injected code would be rendered as part of the email. On the user's detail page, the username was also not sanitized and would also render HTML, giving an attacker the same vulnerability. While it was possible to inject HTML including javascript, the execution of such scripts would be prevented by most email clients and the Content Security Policy in Console UI. This vulnerability is fixed in 2.58.1, 2.57.1, 2.56.2, 2.55.5, 2.54.8 2.53.9, and 2.52.3. | |||||
| CVE-2024-6346 | 2024-08-01 | N/A | 6.4 MEDIUM | ||
| The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85a due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-39318 | 2024-08-01 | N/A | 5.4 MEDIUM | ||
| The Ibexa Admin UI Bundle contains all the necessary parts to run the Ibexa DXP Back Office interface. The file upload widget is vulnerable to XSS payloads in filenames. Access permission to upload files is required. As such, in most cases only authenticated editors and administrators will have the required permission. It is not persistent, i.e. the payload is only executed during the upload. In effect, an attacker will have to trick an editor/administrator into uploading a strangely named file. | |||||
| CVE-2024-7302 | 2024-08-01 | N/A | 6.4 MEDIUM | ||
| The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 3gp2 file uploads in all versions up to, and including, 7.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the 3gp2 file. | |||||