Total: 33149 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-43793 | 1 Halo | 1 Halo | 2024-09-16 | N/A | 6.4 MEDIUM |
Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.19.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code, potentially leading to a Cross-Site Scripting (XSS) attack. This vulnerability is fixed in 2.19.0. | |||||
CVE-2024-43792 | 1 Halo | 1 Halo | 2024-09-16 | N/A | 6.1 MEDIUM |
Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.17.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code, potentially leading to a Cross-Site Scripting (XSS) attack. Users are advised to upgrade to version 2.17.0+. There are no known workarounds for this vulnerability. | |||||
CVE-2024-40478 | 1 Jayesh | 1 Online Exam System | 2024-09-16 | N/A | 5.4 MEDIUM |
A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields | |||||
CVE-2024-44798 | 1 Anujk305 | 1 Bus Pass Management System | 2024-09-16 | N/A | 4.8 MEDIUM |
phpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site scripting (XSS) in /admin/pass-bwdates-reports-details.php via fromdate and todate parameters. | |||||
CVE-2024-38640 | 1 Qnap | 1 Download Station | 2024-09-16 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Download Station 5.8.6.283 (2024/06/21) and later. | |||||
CVE-2024-32762 | 1 Qnap | 1 Qulog Center | 2024-09-13 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuLog Center 1.8.0.872 (2024/06/17) and later; QuLog Center 1.7.0.827 (2024/06/17) and later. | |||||
CVE-2024-27125 | 1 Qnap | 1 Helpdesk | 2024-09-13 | N/A | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following version: Helpdesk 3.3.1 and later | |||||
CVE-2024-45429 | 1 Wpengine | 1 Advanced Custom Fields | 2024-09-13 | N/A | 6.1 MEDIUM |
Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the script may be executed on the web browser of the logged-in user with the same privilege as the attacker's. | |||||
CVE-2024-5624 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-09-13 | N/A | 6.1 MEDIUM |
Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session | |||||
CVE-2024-45057 | 1 Portabilis | 1 I-educar | 2024-09-13 | N/A | 6.1 MEDIUM |
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the dynamic generation of HTML fields prior to the 2.9 branch. The file located at `ieducar/intranet/include/clsCampos.inc.php` does not properly validate or sanitize user-controlled input, leading to the vulnerability. Any page that uses this implementation is vulnerable, such as `intranet/educar_curso_lst.php?nm_curso=<payload>`, `intranet/atendidos_lst.php?nm_pessoa=<payload>`, `intranet/educar_abandono_tipo_lst?nome=<payload>`. Commit f2d768534aabc09b2a1fc8a5cc5f9c93925cb273 contains a patch for the issue. | |||||
CVE-2024-45180 | 1 Squaredup | 1 Squaredup Ds For Scom | 2024-09-13 | N/A | 5.4 MEDIUM |
SquaredUp DS for SCOM 6.2.1.11104 allows XSS. | |||||
CVE-2024-8276 | 1 Wpzoom | 1 Wpzoom Portfolio | 2024-09-13 | N/A | 5.4 MEDIUM |
The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2021-38122 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | N/A | 8.2 HIGH |
A Cross-Site Scripting vulnerability was identified in NetIQ Advanced Authentication that impacts the server functionality and discloses sensitive information. This issue affects NetIQ Advanced Authentication before 6.3.5.1. | |||||
CVE-2024-44851 | 1 Perfexcrm | 1 Perfex Crm | 2024-09-13 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. | |||||
CVE-2024-6018 | 1 Scriptonite | 1 Music Request Manager | 2024-09-13 | N/A | 6.1 MEDIUM |
The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | |||||
CVE-2024-6019 | 1 Scriptonite | 1 Music Request Manager | 2024-09-13 | N/A | 6.1 MEDIUM |
The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators | |||||
CVE-2024-6700 | 1 Pega | 1 Infinity | 2024-09-13 | N/A | 4.8 MEDIUM |
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name. | |||||
CVE-2024-6701 | 1 Pega | 1 Infinity | 2024-09-13 | N/A | 4.8 MEDIUM |
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type. | |||||
CVE-2024-6702 | 1 Pega | 1 Infinity | 2024-09-13 | N/A | 4.8 MEDIUM |
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. | |||||
CVE-2020-24061 | 1 Kasdanet | 2 Kw5515, Kw5515 Firmware | 2024-09-13 | N/A | 4.3 MEDIUM |
Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script |