Total
29022 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-5727 | | | 2024-07-03 | N/A | 4.7 MEDIUM |
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
CVE-2024-5448 | 1 Mohsinrasool | 1 Paypal Pay Now\, Buy Now\, Donation And Cart Buttons Shortcode | 2024-07-03 | N/A | 5.4 MEDIUM |
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
CVE-2024-5447 | 1 Mohsinrasool | 1 Paypal Pay Now\, Buy Now\, Donation And Cart Buttons Shortcode | 2024-07-03 | N/A | 4.8 MEDIUM |
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2024-5229 | | | 2024-07-03 | N/A | 6.4 MEDIUM |
The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-5091 | | | 2024-07-03 | N/A | 7.4 HIGH |
The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-4776 | | | 2024-07-03 | N/A | 8.2 HIGH |
A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126. | |||||
CVE-2024-4755 | 1 Erikeng | 1 Google Cse | 2024-07-03 | N/A | 4.8 MEDIUM |
The Google CSE WordPress plugin through 1.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2024-4216 | | | 2024-07-03 | N/A | 7.4 HIGH |
pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to execute malicious script at the client end. | |||||
CVE-2024-3579 | | | 2024-07-03 | N/A | 6.1 MEDIUM |
Open-source project Online Shopping System Advanced is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. | |||||
CVE-2024-3323 | | | 2024-07-03 | N/A | 8.3 HIGH |
Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, enticing the user to interact. | |||||
CVE-2024-38470 | | | 2024-07-03 | N/A | 6.1 MEDIUM |
zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /own.php. | |||||
CVE-2024-37764 | | | 2024-07-03 | N/A | 5.4 MEDIUM |
MachForm up to version 19 is affected by an authenticated stored cross-site scripting. | |||||
CVE-2024-37732 | 1 Anchorcms | 1 Anchor Cms | 2024-07-03 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file. | |||||
CVE-2024-37680 | 1 Finesoft Project | 1 Finesoft | 2024-07-03 | N/A | 6.1 MEDIUM |
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the URL:weburl. | |||||
CVE-2024-37679 | 1 Finesoft Project | 1 Finesoft | 2024-07-03 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp parameter. | |||||
CVE-2024-37674 | | | 2024-07-03 | N/A | 5.5 MEDIUM |
Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity. | |||||
CVE-2024-37673 | 1 Tessi | 1 Docubase | 2024-07-03 | N/A | 5.4 MEDIUM |
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename parameter. | |||||
CVE-2024-37623 | | | 2024-07-03 | N/A | 6.1 MEDIUM |
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /kaoqin/tpl_kaoqin_locationchange.html component. | |||||
CVE-2024-37622 | | | 2024-07-03 | N/A | 6.1 MEDIUM |
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the num parameter at /flow/flow.php. | |||||
CVE-2024-36656 | | | 2024-07-03 | N/A | 6.1 MEDIUM |
In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript code and achieve a reflected Cross-site Scripting (XSS) attack. |