Total
33218 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-49670 | 1 Samglover | 1 Client Power Tools | 2024-11-08 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sam Glover Client Power Tools Portal allows Reflected XSS.This issue affects Client Power Tools Portal: from n/a through 1.8.6. | |||||
| CVE-2024-49673 | 1 Latex2html | 1 Latex2html | 2024-11-08 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Van Abel LaTeX2HTML allows Reflected XSS.This issue affects LaTeX2HTML: from n/a through 2.5.4. | |||||
| CVE-2024-49692 | 1 Affiliatexblocks | 1 Affiliatex | 2024-11-08 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AffiliateX allows Stored XSS.This issue affects AffiliateX: from n/a through 1.2.9. | |||||
| CVE-2024-50439 | 1 Brainstormforce | 1 Astra Widgets | 2024-11-08 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Astra Widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through 1.2.14. | |||||
| CVE-2024-50438 | 1 Themoyles | 1 Church Admin | 2024-11-08 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Reflected XSS.This issue affects Church Admin: from n/a before 5.0.0. | |||||
| CVE-2024-49679 | 1 Wpkoi | 1 Wpkoi Templates For Elementor | 2024-11-08 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPKoi WPKoi Templates for Elementor allows Stored XSS.This issue affects WPKoi Templates for Elementor: from n/a through 3.1.0. | |||||
| CVE-2024-49702 | 1 Mycred | 1 Mycred Elementor | 2024-11-08 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in myCRED myCred Elementor allows Stored XSS.This issue affects myCred Elementor: from n/a through 1.2.6. | |||||
| CVE-2024-50411 | 1 Kevonadonis | 1 Wp Abstracts | 2024-11-07 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kevon Adonis WP Abstracts allows Stored XSS.This issue affects WP Abstracts: from n/a through 2.7.1. | |||||
| CVE-2024-49642 | 1 Rafasashi | 1 Todo Custom Field | 2024-11-07 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rafasashi Todo Custom Field allows Reflected XSS.This issue affects Todo Custom Field: from n/a through 3.0.4. | |||||
| CVE-2024-9443 | 1 Basticom | 1 Framework | 2024-11-07 | N/A | 5.4 MEDIUM |
| The Basticom Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | |||||
| CVE-2024-50410 | 1 Kibokolabs | 1 Namaste\! Lms | 2024-11-07 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kiboko Labs Namaste! LMS allows Stored XSS.This issue affects Namaste! LMS: from n/a through 2.6.4. | |||||
| CVE-2024-50409 | 1 Kibokolabs | 1 Namaste\! Lms | 2024-11-07 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kiboko Labs Namaste! LMS allows Stored XSS.This issue affects Namaste! LMS: from n/a through 2.6.2. | |||||
| CVE-2024-50407 | 1 Kibokolabs | 1 Namaste\! Lms | 2024-11-07 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kiboko Labs Namaste! LMS allows Reflected XSS.This issue affects Namaste! LMS: from n/a through 2.6.2. | |||||
| CVE-2024-10503 | 1 Klokantech | 1 Maptiler Tileserver Gl | 2024-11-07 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in Klokan MapTiler tileserver-gl 2.3.1 and classified as problematic. This issue affects some unknown processing of the component URL Handler. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-50637 | 2024-11-07 | N/A | 5.4 MEDIUM | ||
| UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies. | |||||
| CVE-2024-8627 | 1 Joshlobe | 1 Ultimate Tinymce | 2024-11-06 | N/A | 5.4 MEDIUM |
| The Ultimate TinyMCE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'field' shortcode in all versions up to, and including, 5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-10840 | 1 Romadebrian | 1 Web-sekolah | 2024-11-06 | 3.3 LOW | 4.8 MEDIUM |
| A vulnerability classified as problematic has been found in romadebrian WEB-Sekolah 1.0. Affected is an unknown function of the file /Admin/akun_edit.php of the component Backend. The manipulation of the argument kode leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10842 | 1 Romadebrian | 1 Web-sekolah | 2024-11-06 | 3.3 LOW | 4.8 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in romadebrian WEB-Sekolah 1.0. Affected by this issue is some unknown functionality of the file /Admin/Proses_Edit_Akun.php of the component Backend. The manipulation of the argument Username_Baru/Password leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-51683 | 1 Migaweb | 1 Custom Post Type Templates For Elementor | 2024-11-06 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Gangolf Custom post type templates for Elementor allows Stored XSS.This issue affects Custom post type templates for Elementor: from n/a through 1.10.1. | |||||
| CVE-2024-51682 | 1 Hasthemes | 1 Ht Builder | 2024-11-06 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes HT Builder – WordPress Theme Builder for Elementor allows Stored XSS.This issue affects HT Builder – WordPress Theme Builder for Elementor: from n/a through 1.3.0. | |||||