Vulnerabilities (CVE)

Filtered by CWE-79
Total 28962 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-40576 2024-08-01 N/A 4.7 MEDIUM
Cross Site Scripting vulnerability in Best House Rental Management System 1.0 allows a remote attacker to execute arbitrary code via the "House No" and "Description" parameters in the houses page at the index.php component.
CVE-2024-40492 2024-08-01 N/A 7.1 HIGH
Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a remote attacker to execute arbitrary code via the setname function.
CVE-2024-3978 1 Andrewabarber 1 Wordpress Jitsi Shortcode 2024-08-01 N/A 5.4 MEDIUM
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2024-3977 1 Andrewabarber 1 Wordpress Jitsi Shortcode 2024-08-01 N/A 4.8 MEDIUM
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-3111 1 H5p 1 H5p 2024-08-01 N/A 5.4 MEDIUM
The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues
CVE-2024-39863 1 Apache 1 Airflow 2024-08-01 N/A 5.4 MEDIUM
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.
CVE-2024-39123 2024-08-01 N/A 5.4 MEDIUM
In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization.
CVE-2024-38963 2024-08-01 N/A 6.1 MEDIUM
Nopcommerce 4.70.1 is vulnerable to Cross Site Scripting (XSS) via the combined "AddProductReview.Title" and "AddProductReview.ReviewText" parameter(s) (Reviews) when creating a new review.
CVE-2024-37859 2024-08-01 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php.
CVE-2024-37798 2024-08-01 N/A 5.9 MEDIUM
Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input field.
CVE-2024-37619 1 Strongshop 1 Strongshop 2024-08-01 N/A 6.1 MEDIUM
StrongShop v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the spec_group_id parameter at /spec/index.blade.php.
CVE-2024-36674 2024-08-01 N/A 6.1 MEDIUM
LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via admin/link.php.
CVE-2024-35583 2024-08-01 N/A 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Remarks input field.
CVE-2024-34469 2024-08-01 N/A 7.1 HIGH
Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save.
CVE-2024-34231 2024-08-01 N/A 7.1 HIGH
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter.
CVE-2024-33819 2024-08-01 N/A 4.6 MEDIUM
Globitel KSA SpeechLog v8.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Save Query function.
CVE-2024-33526 2024-08-01 N/A 7.1 HIGH
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.
CVE-2024-33465 2024-08-01 N/A 7.1 HIGH
Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the the thumb/thumb.php component.
CVE-2024-33371 2024-08-01 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to execute arbitrary code via the typeid parameter in the makehtml_list_action.php component.
CVE-2024-32409 2024-08-01 N/A 7.1 HIGH
An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script.