Total: 28953 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-41374 | | | 2024-08-01 | N/A | 6.1 MEDIUM |
ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php | |||||
CVE-2024-41357 | | | 2024-08-01 | N/A | 7.1 HIGH |
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php. | |||||
CVE-2024-41356 | | | 2024-08-01 | N/A | 4.7 MEDIUM |
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\firewall-zones\zones-edit-network.php. | |||||
CVE-2024-41355 | | | 2024-08-01 | N/A | 6.5 MEDIUM |
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php. | |||||
CVE-2024-41354 | | | 2024-08-01 | N/A | 7.1 HIGH |
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/widgets/edit.php | |||||
CVE-2024-41353 | | | 2024-08-01 | N/A | 7.1 HIGH |
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php | |||||
CVE-2024-40741 | 1 Netbox | 1 Netbox | 2024-08-01 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/{id}/edit/. | |||||
CVE-2024-40738 | 1 Netbox | 1 Netbox | 2024-08-01 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/{id}/edit/. | |||||
CVE-2024-40732 | 1 Netbox | 1 Netbox | 2024-08-01 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/add/. | |||||
CVE-2024-40729 | 1 Netbox | 1 Netbox | 2024-08-01 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/add/. | |||||
CVE-2024-40728 | 1 Netbox | 1 Netbox | 2024-08-01 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/{id}/edit/. | |||||
CVE-2024-40576 | | | 2024-08-01 | N/A | 4.7 MEDIUM |
Cross Site Scripting vulnerability in Best House Rental Management System 1.0 allows a remote attacker to execute arbitrary code via the "House No" and "Description" parameters in the houses page at the index.php component. | |||||
CVE-2024-40492 | | | 2024-08-01 | N/A | 7.1 HIGH |
Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a remote attacker to execute arbitrary code via the setname function. | |||||
CVE-2024-3978 | 1 Andrewabarber | 1 Wordpress Jitsi Shortcode | 2024-08-01 | N/A | 5.4 MEDIUM |
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
CVE-2024-3977 | 1 Andrewabarber | 1 Wordpress Jitsi Shortcode | 2024-08-01 | N/A | 4.8 MEDIUM |
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2024-3111 | 1 H5p | 1 H5p | 2024-08-01 | N/A | 5.4 MEDIUM |
The Interactive Content WordPress plugin before 1.15.8 does not validate uploads, which could allow Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues | |||||
CVE-2024-39863 | 1 Apache | 1 Airflow | 2024-08-01 | N/A | 5.4 MEDIUM |
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue. | |||||
CVE-2024-39123 | | | 2024-08-01 | N/A | 5.4 MEDIUM |
In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization. | |||||
CVE-2024-38963 | | | 2024-08-01 | N/A | 6.1 MEDIUM |
Nopcommerce 4.70.1 is vulnerable to Cross Site Scripting (XSS) via the combined "AddProductReview.Title" and "AddProductReview.ReviewText" parameter(s) (Reviews) when creating a new review. | |||||
CVE-2024-37859 | | | 2024-08-01 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php. |