Total
28595 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10477 | 2024-10-29 | 3.3 LOW | 2.4 LOW | ||
| A vulnerability classified as problematic was found in LinZhaoguan pb-cms up to 2.0.1. This vulnerability affects unknown code of the file /admin#permissions of the component Permission Management Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-50410 | 2024-10-29 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kiboko Labs Namaste! LMS allows Stored XSS.This issue affects Namaste! LMS: from n/a through 2.6.4. | |||||
| CVE-2024-49667 | 2024-10-29 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NervyThemes Local Business Addons For Elementor allows Stored XSS.This issue affects Local Business Addons For Elementor: from n/a through 1.1.5. | |||||
| CVE-2020-8549 | 1 Wpchill | 1 Strong Testimonials | 2024-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens. | |||||
| CVE-2024-9350 | 1 Dpd | 1 Dpd Baltic Shipping | 2024-10-29 | N/A | 6.1 MEDIUM |
| The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_value' parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-0726 | 1 Projectworlds | 1 Student Project Allocation System | 2024-10-29 | 5.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin_login.php of the component Admin Login Module. The manipulation of the argument msg with the input test%22%3Cscript%3Ealert(%27Torada%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251549 was assigned to this vulnerability. | |||||
| CVE-2024-37672 | 1 Tessi | 1 Docubase | 2024-10-29 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the idactivity parameter. | |||||
| CVE-2024-10419 | 1 Fabianros | 1 Blood Bank Management System | 2024-10-29 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bloodrequest.php. The manipulation of the argument msg leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-5199 | 1 Wolfiezero | 1 Spotify Play Button | 2024-10-28 | N/A | 5.4 MEDIUM |
| The Spotify Play Button WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2024-4924 | 2024-10-28 | N/A | 6.1 MEDIUM | ||
| The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-41911 | 1 Hp | 2 Poly Clariti Manager, Poly Clariti Manager Firmware | 2024-10-28 | N/A | 5.4 MEDIUM |
| A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during a web page generation. | |||||
| CVE-2024-3966 | 1 Projectcaruso | 1 Pray For Me | 2024-10-28 | N/A | 6.1 MEDIUM |
| The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin | |||||
| CVE-2023-28604 | 1 Sitegeist | 1 Fluid Components | 2024-10-28 | N/A | 6.1 MEDIUM |
| The fluid_components (aka Fluid Components) extension before 3.5.0 for TYPO3 allows XSS via a component argument parameter, for certain {content} use cases that may be edge cases. | |||||
| CVE-2024-31971 | 1 Adtran | 2 Netvanta 3120, Netvanta 3120 Firmware | 2024-10-28 | N/A | 4.8 MEDIUM |
| Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html, /NetworkMonitor.html, /trafficMonitoringConfig.html, and /wizardMain.html. | |||||
| CVE-2024-6224 | 2024-10-28 | N/A | 5.9 MEDIUM | ||
| The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | |||||
| CVE-2024-48228 | 2024-10-28 | N/A | 6.1 MEDIUM | ||
| An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS). | |||||
| CVE-2024-35291 | 2024-10-28 | N/A | 6.1 MEDIUM | ||
| Cross-site scripting vulnerability exists in Splunk Config Explorer versions prior to 1.7.16. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product. | |||||
| CVE-2024-5640 | 1 Bdthemes | 1 Prime Slider | 2024-10-28 | N/A | 5.4 MEDIUM |
| The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-40290 | 2024-10-28 | N/A | 8.3 HIGH | ||
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue that affects Internet Explorer 11 on Windows. | |||||
| CVE-2024-46995 | 1 Basercms | 1 Basercms | 2024-10-28 | N/A | 6.1 MEDIUM |
| baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue. | |||||