Vulnerabilities (CVE)

Filtered by CWE-79
Total 28962 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-32332 2024-08-01 N/A 6.1 MEDIUM
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page.
CVE-2024-31741 2024-08-01 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login.
CVE-2024-31649 2024-08-01 N/A 5.4 MEDIUM
A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.
CVE-2024-31609 2024-08-01 N/A 7.1 HIGH
Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration.
CVE-2024-31065 2024-08-01 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field.
CVE-2024-31061 2024-08-01 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Last Name input field.
CVE-2024-30988 2024-08-01 N/A 6.8 MEDIUM
Cross Site Scripting vulnerability in /search-invoices.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the Search bar.
CVE-2024-30987 2024-08-01 N/A 6.8 MEDIUM
Cross Site Scripting vulnerability in /bwdates-reports-ds.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the fromdate and todate parameters.
CVE-2024-30986 2024-08-01 N/A 6.5 MEDIUM
Cross Site Scripting vulnerability in /edit-services-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and via "price" and "sname" parameter.
CVE-2024-30979 2024-08-01 N/A 5.9 MEDIUM
Cross Site Scripting vulnerability in Cyber Cafe Management System 1.0 allows a remote attacker to execute arbitrary code via the compname parameter in edit-computer-details.php.
CVE-2024-30884 2024-08-01 N/A 7.1 HIGH
Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component.
CVE-2024-30880 2024-08-01 N/A 5.4 MEDIUM
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function.
CVE-2024-30848 2024-08-01 N/A 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in SilverSky E-mail service version 5.0.3126 allows remote attackers to inject arbitrary web script or HTML via the version parameter.
CVE-2024-2907 2024-08-01 N/A 6.8 MEDIUM
The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2024-2640 1 Kibokolabs 1 Watu Quiz 2024-08-01 N/A 5.4 MEDIUM
The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise and escape some of its settings, which could allow users such as authors (if they've been authorized by admins) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2024-2430 1 Matteoenna 1 Website Content In Page Or Post 2024-08-01 N/A 5.4 MEDIUM
The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2024-29278 2024-08-01 N/A 6.5 MEDIUM
funboot v1.1 is vulnerable to Cross Site Scripting (XSS) via the title field in "create a message ."
CVE-2024-28804 2024-08-01 N/A 7.1 HIGH
An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Stored Cross-site scripting (XSS) can occur via POST.
CVE-2024-28725 2024-08-01 N/A 7.1 HIGH
Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings.
CVE-2024-28676 2024-08-01 N/A 6.1 MEDIUM
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/article_edit.php.