CWE-CWE-79 CVE - OpenCVE

Filtered by CWE-79

Total 29007 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2024-6484			2024-07-11	N/A	6.4 MEDIUM
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
CVE-2024-6485			2024-07-11	N/A	6.4 MEDIUM
A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.
CVE-2013-7231	1 Esri	1 Arcgis Server	2024-07-11	3.5 LOW	N/A
Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222.
CVE-2013-5222	1 Esri	1 Arcgis Server	2024-07-11	3.5 LOW	N/A
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2024-40742	1 Netbox	1 Netbox	2024-07-11	N/A	6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/add.
CVE-2024-40739	1 Netbox	1 Netbox	2024-07-11	N/A	6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add.
CVE-2024-40736	1 Netbox	1 Netbox	2024-07-11	N/A	6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/add.
CVE-2024-40735	1 Netbox	1 Netbox	2024-07-11	N/A	6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/{id}/edit/.
CVE-2024-40734	1 Netbox	1 Netbox	2024-07-11	N/A	6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/add/.
CVE-2024-40731	1 Netbox	1 Netbox	2024-07-11	N/A	6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/{id}/edit/.
CVE-2024-40730	1 Netbox	1 Netbox	2024-07-11	N/A	6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/{id}/edit/.
CVE-2024-40727	1 Netbox	1 Netbox	2024-07-11	N/A	6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/add/.
CVE-2024-40726	1 Netbox	1 Netbox	2024-07-11	N/A	6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/{id}/edit/.
CVE-2024-40336			2024-07-11	N/A	6.1 MEDIUM
idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.'
CVE-2024-40333			2024-07-11	N/A	8.8 HIGH
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=del&dataID=2
CVE-2024-40036			2024-07-11	N/A	8.8 HIGH
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=add&nohrefStr=close
CVE-2024-39828			2024-07-11	N/A	6.1 MEDIUM
R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game file. This was fixed in a hotfix to 1.9.5 on 2024-06-29.
CVE-2024-38972	1 Netbox	1 Netbox	2024-07-11	N/A	6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/.
CVE-2024-38959			2024-07-11	N/A	6.1 MEDIUM
Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the string parameter.
CVE-2024-36676			2024-07-11	N/A	7.5 HIGH
Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms.

Vulnerabilities (CVE)