Vulnerabilities (CVE)

Filtered by CWE-79
Total 28953 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-41374 2024-08-01 N/A 6.1 MEDIUM
ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php
CVE-2024-41357 2024-08-01 N/A 7.1 HIGH
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php.
CVE-2024-41356 2024-08-01 N/A 4.7 MEDIUM
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\firewall-zones\zones-edit-network.php.
CVE-2024-41355 2024-08-01 N/A 6.5 MEDIUM
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php.
CVE-2024-41354 2024-08-01 N/A 7.1 HIGH
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/widgets/edit.php
CVE-2024-41353 2024-08-01 N/A 7.1 HIGH
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php
CVE-2024-40741 1 Netbox 1 Netbox 2024-08-01 N/A 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/{id}/edit/.
CVE-2024-40738 1 Netbox 1 Netbox 2024-08-01 N/A 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/{id}/edit/.
CVE-2024-40732 1 Netbox 1 Netbox 2024-08-01 N/A 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/add/.
CVE-2024-40729 1 Netbox 1 Netbox 2024-08-01 N/A 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/add/.
CVE-2024-40728 1 Netbox 1 Netbox 2024-08-01 N/A 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/{id}/edit/.
CVE-2024-40576 2024-08-01 N/A 4.7 MEDIUM
Cross Site Scripting vulnerability in Best House Rental Management System 1.0 allows a remote attacker to execute arbitrary code via the "House No" and "Description" parameters in the houses page at the index.php component.
CVE-2024-40492 2024-08-01 N/A 7.1 HIGH
Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a remote attacker to execute arbitrary code via the setname function.
CVE-2024-3978 1 Andrewabarber 1 Wordpress Jitsi Shortcode 2024-08-01 N/A 5.4 MEDIUM
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2024-3977 1 Andrewabarber 1 Wordpress Jitsi Shortcode 2024-08-01 N/A 4.8 MEDIUM
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-3111 1 H5p 1 H5p 2024-08-01 N/A 5.4 MEDIUM
The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues
CVE-2024-39863 1 Apache 1 Airflow 2024-08-01 N/A 5.4 MEDIUM
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.
CVE-2024-39123 2024-08-01 N/A 5.4 MEDIUM
In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization.
CVE-2024-38963 2024-08-01 N/A 6.1 MEDIUM
Nopcommerce 4.70.1 is vulnerable to Cross Site Scripting (XSS) via the combined "AddProductReview.Title" and "AddProductReview.ReviewText" parameter(s) (Reviews) when creating a new review.
CVE-2024-37859 2024-08-01 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php.