Total: 29012 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-40599 | 1 Mediawiki | 1 Mediawiki | 2024-07-09 | N/A | 4.8 MEDIUM |
An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries. | |||||
CVE-2024-40604 | 1 Mediawiki | 1 Mediawiki | 2024-07-09 | N/A | 4.8 MEDIUM |
An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via MediaWiki:Nimbus-sidebar menu and submenu entries. | |||||
CVE-2024-40602 | 1 Mediawiki | 1 Mediawiki | 2024-07-09 | N/A | 4.8 MEDIUM |
An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries. | |||||
CVE-2024-34481 | 1 Kontextwork | 1 Drupal Wiki | 2024-07-09 | N/A | 6.1 MEDIUM |
drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page. | |||||
CVE-2024-23998 | 1 Goanother | 1 Another Redis Desktop Manager | 2024-07-09 | N/A | 9.6 CRITICAL |
goanother Another Redis Desktop Manager <=1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/components/Setting.vue. | |||||
CVE-2024-40605 | 1 Mediawiki | 1 Mediawiki | 2024-07-09 | N/A | 4.8 MEDIUM |
An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries. | |||||
CVE-2024-34105 | 1 Adobe | 3 Commerce, Commerce Webhooks, Magento | 2024-07-09 | N/A | 4.8 MEDIUM |
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2024-39203 | 1 Zblogcn | 1 Z-blogphp | 2024-07-09 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2023-44315 | 1 Siemens | 1 Sinec Nms | 2024-07-09 | N/A | 5.4 MEDIUM |
A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting (XSS) attack that may lead to unintentional modification of application data by legitimate users. | |||||
CVE-2022-29034 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-07-09 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks. | |||||
CVE-2024-6523 | 1 Zkteco | 1 Biotime | 2024-07-08 | 4.0 MEDIUM | 5.4 MEDIUM |
A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified as problematic. Affected is an unknown function of the component system-group-add Handler. The manipulation of the argument user with the input <script>alert('XSS')</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-270366 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-29318 | 1 Personal-management-system | 1 Personal Management System | 2024-07-08 | N/A | 5.4 MEDIUM |
Volmarg Personal Management System 1.4.64 is vulnerable to stored cross site scripting (XSS) via upload of a SVG file with embedded javascript code. | |||||
CVE-2024-39174 | | | 2024-07-08 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Publish Article function of yzmcms v7.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article. | |||||
CVE-2024-6526 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2024-07-08 | 4.0 MEDIUM | 6.1 MEDIUM |
A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter-Bootstrap up to 1998845073cf433bc6c250b0354461fbd84d0e03. This affects an unknown part. The manipulation of the argument search_title/catName/sub/name/categorie leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 1b3da45308bb6c3f55247d0e99620b600bd85277. It is recommended to apply a patch to fix this issue. The identifier VDB-270369 was assigned to this vulnerability. | |||||
CVE-2024-3276 | 1 Fooplugins | 1 Foobox | 2024-07-08 | N/A | 4.8 MEDIUM |
The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2024-34452 | | | 2024-07-08 | N/A | 6.1 MEDIUM |
CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG document. | |||||
CVE-2024-31839 | | | 2024-07-08 | N/A | 4.8 MEDIUM |
Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component. | |||||
CVE-2024-2234 | 1 2code | 1 Himer | 2024-07-08 | N/A | 5.4 MEDIUM |
The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2024-34349 | | | 2024-07-08 | N/A | 4.8 MEDIUM |
Sylius is an open source eCommerce platform. Prior to 1.12.16 and 1.13.1, there is a possibility to execute JavaScript code in the Admin panel. In order to perform an XSS attack, input a script into the Name field in one of these resources: Taxons, Products, Product Options or Product Variants. The code will be executed while using an autocomplete field with one of the listed entities in the Admin Panel, and also for the taxons in the category tree on the product form. The issue is fixed in versions 1.12.16 and 1.13.1. | |||||
CVE-2023-49188 | 1 Zealousweb | 1 Track Geolocation Of Users Using Contact Form 7 | 2024-07-08 | N/A | 4.8 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS. This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 2.0. |