Total
28765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5330 | 2024-08-01 | N/A | 6.4 MEDIUM | ||
| The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the breakdance_css_file_paths_cache parameter in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-35751 | 1 Cm-wp | 1 Woody Code Snippets | 2024-08-01 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Creative Motion, Will Bontrager Software, LLC Woody ad snippets allows Stored XSS.This issue affects Woody ad snippets: from n/a through 2.4.10. | |||||
| CVE-2024-37474 | 1 Automattic | 1 Newspack Ads | 2024-08-01 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Automattic Newspack Ads allows Stored XSS.This issue affects Newspack Ads: from n/a through 1.47.1. | |||||
| CVE-2024-35755 | 1 Eltiempoen | 1 Weather Widget Pro | 2024-08-01 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in El tiempo Weather Widget Pro allows Stored XSS.This issue affects Weather Widget Pro: from n/a through 1.1.40. | |||||
| CVE-2024-29029 | 2024-07-31 | N/A | 6.1 MEDIUM | ||
| memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file. | |||||
| CVE-2024-28798 | 1 Ibm | 1 Infosphere Information Server | 2024-07-31 | N/A | 6.1 MEDIUM |
| IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287172. | |||||
| CVE-2024-28797 | 1 Ibm | 1 Infosphere Information Server | 2024-07-31 | N/A | 5.4 MEDIUM |
| IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287136. | |||||
| CVE-2023-50964 | 1 Ibm | 1 Infosphere Information Server | 2024-07-31 | N/A | 5.4 MEDIUM |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102. | |||||
| CVE-2024-28794 | 1 Ibm | 1 Infosphere Information Server | 2024-07-31 | N/A | 5.4 MEDIUM |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286831. | |||||
| CVE-2024-7299 | 2024-07-31 | 4.0 MEDIUM | 3.5 LOW | ||
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Bolt CMS 3.7.1. It has been rated as problematic. This issue affects some unknown processing of the file /preview/page of the component Entry Preview Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273167. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life. | |||||
| CVE-2024-36450 | 1 Webmin | 1 Webmin | 2024-07-31 | N/A | 5.4 MEDIUM |
| Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may be altered, or a server may be halted. | |||||
| CVE-2024-34443 | 1 Themepunch | 1 Slider Revolution | 2024-07-31 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution allows Stored XSS.This issue affects Slider Revolution: from n/a before 6.7.11. | |||||
| CVE-2024-6770 | 2024-07-31 | N/A | 7.2 HIGH | ||
| The Lifetime free Drag & Drop Contact Form Builder for WordPress VForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-6725 | 2024-07-31 | N/A | 4.9 MEDIUM | ||
| The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with form editing permissions and Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-41943 | 2024-07-31 | N/A | 4.6 MEDIUM | ||
| I, Librarian is an open-source version of a PDF managing SaaS. PDF notes are displayed on the Item Summary page without any form of validation or sanitation. An attacker can exploit this vulnerability by inserting a payload in the PDF notes that contains malicious code or script. This code will then be executed when the page is loaded in the browser. The vulnerability was fixed in version 5.11.1. | |||||
| CVE-2024-5901 | 2024-07-31 | N/A | 6.4 MEDIUM | ||
| The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-5664 | 1 Sonaar | 1 Mp3 Audio Player For Music\, Radio \& Podcast | 2024-07-30 | N/A | 5.4 MEDIUM |
| The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-41707 | 1 Archerirm | 1 Archer | 2024-07-30 | N/A | 5.4 MEDIUM |
| An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | |||||
| CVE-2024-6907 | 1 Jkev | 1 Record Management System | 2024-07-30 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file sort.php. The manipulation of the argument sort leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271932. | |||||
| CVE-2024-6620 | 2024-07-30 | N/A | 3.5 LOW | ||
| Honeywell PC42t, PC42tp, and PC42d Printers, T10.19.020016 to T10.20.060398, contain a cross-site scripting vulnerability. A(n) attacker could potentially inject malicious code which may lead to information disclosure, session theft, or client-side request forgery. Honeywell recommends updating to the most recent version of this firmware, PC42 Printer Firmware Version 20.6 T10.20.060398. | |||||