Total
28962 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-32332 | 2024-08-01 | N/A | 6.1 MEDIUM | ||
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page. | |||||
CVE-2024-31741 | 2024-08-01 | N/A | 6.1 MEDIUM | ||
Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login. | |||||
CVE-2024-31649 | 2024-08-01 | N/A | 5.4 MEDIUM | ||
A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter. | |||||
CVE-2024-31609 | 2024-08-01 | N/A | 7.1 HIGH | ||
Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration. | |||||
CVE-2024-31065 | 2024-08-01 | N/A | 6.1 MEDIUM | ||
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field. | |||||
CVE-2024-31061 | 2024-08-01 | N/A | 6.1 MEDIUM | ||
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Last Name input field. | |||||
CVE-2024-30988 | 2024-08-01 | N/A | 6.8 MEDIUM | ||
Cross Site Scripting vulnerability in /search-invoices.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the Search bar. | |||||
CVE-2024-30987 | 2024-08-01 | N/A | 6.8 MEDIUM | ||
Cross Site Scripting vulnerability in /bwdates-reports-ds.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the fromdate and todate parameters. | |||||
CVE-2024-30986 | 2024-08-01 | N/A | 6.5 MEDIUM | ||
Cross Site Scripting vulnerability in /edit-services-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and via "price" and "sname" parameter. | |||||
CVE-2024-30979 | 2024-08-01 | N/A | 5.9 MEDIUM | ||
Cross Site Scripting vulnerability in Cyber Cafe Management System 1.0 allows a remote attacker to execute arbitrary code via the compname parameter in edit-computer-details.php. | |||||
CVE-2024-30884 | 2024-08-01 | N/A | 7.1 HIGH | ||
Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component. | |||||
CVE-2024-30880 | 2024-08-01 | N/A | 5.4 MEDIUM | ||
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function. | |||||
CVE-2024-30848 | 2024-08-01 | N/A | 6.1 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in SilverSky E-mail service version 5.0.3126 allows remote attackers to inject arbitrary web script or HTML via the version parameter. | |||||
CVE-2024-2907 | 2024-08-01 | N/A | 6.8 MEDIUM | ||
The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2024-2640 | 1 Kibokolabs | 1 Watu Quiz | 2024-08-01 | N/A | 5.4 MEDIUM |
The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise and escape some of its settings, which could allow users such as authors (if they've been authorized by admins) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2024-2430 | 1 Matteoenna | 1 Website Content In Page Or Post | 2024-08-01 | N/A | 5.4 MEDIUM |
The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
CVE-2024-29278 | 2024-08-01 | N/A | 6.5 MEDIUM | ||
funboot v1.1 is vulnerable to Cross Site Scripting (XSS) via the title field in "create a message ." | |||||
CVE-2024-28804 | 2024-08-01 | N/A | 7.1 HIGH | ||
An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Stored Cross-site scripting (XSS) can occur via POST. | |||||
CVE-2024-28725 | 2024-08-01 | N/A | 7.1 HIGH | ||
Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings. | |||||
CVE-2024-28676 | 2024-08-01 | N/A | 6.1 MEDIUM | ||
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/article_edit.php. |