Total
29007 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6528 | 1 Schneider-electric | 10 Modicon Lmc058, Modicon Lmc058 Firmware, Modicon M241 and 7 more | 2024-07-12 | N/A | 6.1 MEDIUM |
| CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload. | |||||
| CVE-2024-4477 | 1 Onetarek | 1 Wp Logs Book | 2024-07-12 | N/A | 5.4 MEDIUM |
| The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting | |||||
| CVE-2024-40740 | 1 Netbox | 1 Netbox | 2024-07-12 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/{id}/edit/. | |||||
| CVE-2024-40733 | 1 Netbox | 1 Netbox | 2024-07-12 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/{id}/edit/. | |||||
| CVE-2024-40618 | 2024-07-12 | N/A | 9.6 CRITICAL | ||
| Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension. | |||||
| CVE-2024-2375 | 1 2code | 1 Wpqa Builder | 2024-07-12 | N/A | 5.4 MEDIUM |
| The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2023-5942 | 1 Drelton | 1 Medialist | 2024-07-12 | N/A | 5.4 MEDIUM |
| The Medialist WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2023-5343 | 1 Ays-pro | 1 Popup Box | 2024-07-12 | N/A | 4.8 MEDIUM |
| The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
| CVE-2023-2707 | 1 Gappointments | 1 Gappointments | 2024-07-12 | N/A | 4.8 MEDIUM |
| The gAppointments WordPress plugin through 1.9.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-37554 | 1 Codeastrology | 1 Ultraaddons | 2024-07-12 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeAstrology Team UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode).This issue affects UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode): from n/a through 1.1.6. | |||||
| CVE-2024-37553 | 1 Axelerant | 1 Testimonials Widget | 2024-07-12 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axelerant Testimonials Widget allows Stored XSS.This issue affects Testimonials Widget: from n/a through 4.0.4. | |||||
| CVE-2024-5802 | 1 Mythemeshop | 1 Url Shortener | 2024-07-12 | N/A | 4.8 MEDIUM |
| The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2024-38971 | 1 Vaethink | 1 Vaethink | 2024-07-12 | N/A | 5.4 MEDIUM |
| vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting (XSS) in the system backend. | |||||
| CVE-2024-6169 | 1 Unlimited-elements | 1 Unlimited Elements For Elementor \(free Widgets\, Addons\, Templates\) | 2024-07-12 | N/A | 5.4 MEDIUM |
| The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above and granted plugin setting edit permissions by an administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-4667 | 1 Plugin-devs | 1 Blog\, Posts And Category Filter For Elementor | 2024-07-12 | N/A | 5.4 MEDIUM |
| The Blog, Posts and Category Filter for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post and Category Filter widget in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied 'post_types' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-6170 | 1 Unlimited-elements | 1 Unlimited Elements For Elementor \(free Widgets\, Addons\, Templates\) | 2024-07-12 | N/A | 5.4 MEDIUM |
| The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘email’ parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-6531 | 2024-07-12 | N/A | 6.4 MEDIUM | ||
| A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser. | |||||
| CVE-2024-3798 | 2024-07-12 | N/A | N/A | ||
| Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause one of the following (depending on the chosen payload): shell command execution, reflected XSS or cross-site request forgery. This issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable. Phoniebox in version 3.0 and higher are not affected. | |||||
| CVE-2024-31365 | 2024-07-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Post Type Builder (PTB) allows Reflected XSS.This issue affects Post Type Builder (PTB): from n/a before 2.1.1. | |||||
| CVE-2024-5711 | 1 Stitionai | 1 Devika | 2024-07-11 | N/A | 6.1 MEDIUM |
| A stored Cross-Site Scripting (XSS) vulnerability exists in the stitionai/devika chat feature, allowing attackers to inject malicious payloads into the chat input. This vulnerability is due to the lack of input validation and sanitization on both the frontend and backend components of the application. Specifically, the application fails to sanitize user input in the chat feature, leading to the execution of arbitrary JavaScript code in the context of the user's browser session. This issue affects all versions of the application. The impact of this vulnerability includes the potential for stolen credentials, extraction of sensitive information from chat logs, projects, and other data accessible through the application. | |||||