Total
28962 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-40576 | 2024-08-01 | N/A | 4.7 MEDIUM | ||
Cross Site Scripting vulnerability in Best House Rental Management System 1.0 allows a remote attacker to execute arbitrary code via the "House No" and "Description" parameters in the houses page at the index.php component. | |||||
CVE-2024-40492 | 2024-08-01 | N/A | 7.1 HIGH | ||
Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a remote attacker to execute arbitrary code via the setname function. | |||||
CVE-2024-3978 | 1 Andrewabarber | 1 Wordpress Jitsi Shortcode | 2024-08-01 | N/A | 5.4 MEDIUM |
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
CVE-2024-3977 | 1 Andrewabarber | 1 Wordpress Jitsi Shortcode | 2024-08-01 | N/A | 4.8 MEDIUM |
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2024-3111 | 1 H5p | 1 H5p | 2024-08-01 | N/A | 5.4 MEDIUM |
The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues | |||||
CVE-2024-39863 | 1 Apache | 1 Airflow | 2024-08-01 | N/A | 5.4 MEDIUM |
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue. | |||||
CVE-2024-39123 | 2024-08-01 | N/A | 5.4 MEDIUM | ||
In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization. | |||||
CVE-2024-38963 | 2024-08-01 | N/A | 6.1 MEDIUM | ||
Nopcommerce 4.70.1 is vulnerable to Cross Site Scripting (XSS) via the combined "AddProductReview.Title" and "AddProductReview.ReviewText" parameter(s) (Reviews) when creating a new review. | |||||
CVE-2024-37859 | 2024-08-01 | N/A | 6.1 MEDIUM | ||
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php. | |||||
CVE-2024-37798 | 2024-08-01 | N/A | 5.9 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input field. | |||||
CVE-2024-37619 | 1 Strongshop | 1 Strongshop | 2024-08-01 | N/A | 6.1 MEDIUM |
StrongShop v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the spec_group_id parameter at /spec/index.blade.php. | |||||
CVE-2024-36674 | 2024-08-01 | N/A | 6.1 MEDIUM | ||
LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via admin/link.php. | |||||
CVE-2024-35583 | 2024-08-01 | N/A | 6.1 MEDIUM | ||
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Remarks input field. | |||||
CVE-2024-34469 | 2024-08-01 | N/A | 7.1 HIGH | ||
Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save. | |||||
CVE-2024-34231 | 2024-08-01 | N/A | 7.1 HIGH | ||
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter. | |||||
CVE-2024-33819 | 2024-08-01 | N/A | 4.6 MEDIUM | ||
Globitel KSA SpeechLog v8.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Save Query function. | |||||
CVE-2024-33526 | 2024-08-01 | N/A | 7.1 HIGH | ||
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload. | |||||
CVE-2024-33465 | 2024-08-01 | N/A | 7.1 HIGH | ||
Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the the thumb/thumb.php component. | |||||
CVE-2024-33371 | 2024-08-01 | N/A | 6.1 MEDIUM | ||
Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to execute arbitrary code via the typeid parameter in the makehtml_list_action.php component. | |||||
CVE-2024-32409 | 2024-08-01 | N/A | 7.1 HIGH | ||
An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script. |