Total: 29022 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-36647 | | | 2024-07-03 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in Church CRM v5.8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Family Name parameter under the Register a New Family page. | | | | | |
CVE-2024-36577 | | | 2024-07-03 | N/A | 8.3 HIGH |
apphp js-object-resolver < 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty. | | | | | |
CVE-2024-35627 | | | 2024-07-03 | N/A | 6.1 MEDIUM |
tileserver-gl up to v4.4.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /data/v3/?key. | | | | | |
CVE-2024-35595 | | | 2024-07-03 | N/A | 6.1 MEDIUM |
An arbitrary file upload vulnerability in the File Preview function of Xintongda OA v2023.12.30.1 allows attackers to execute arbitrary code via uploading a crafted PDF file. | | | | | |
CVE-2024-35352 | | | 2024-07-03 | N/A | 6.1 MEDIUM |
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. This vulnerability impacts unidentified code within the file /classes/Users.php?f=save. Manipulating the parameter middlename results in cross-site scripting. | | | | | |
CVE-2024-35351 | | | 2024-07-03 | N/A | 5.4 MEDIUM |
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. This vulnerability impacts unidentified code within the file /classes/SystemSettings.php?f=update_settings. Manipulating the parameter name results in cross-site scripting. | | | | | |
CVE-2024-35110 | | | 2024-07-03 | N/A | 5.5 MEDIUM |
A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker. | | | | | |
CVE-2024-34959 | | | 2024-07-03 | N/A | 5.5 MEDIUM |
DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_data_replace.php. | | | | | |
CVE-2024-34954 | | | 2024-07-03 | N/A | 6.1 MEDIUM |
Code-projects Budget Management 1.0 is vulnerable to Cross Site Scripting (XSS) via the budget parameter. | | | | | |
CVE-2024-34909 | 1 Kykms | 1 Kykms | 2024-07-03 | N/A | 5.4 MEDIUM |
An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF file. | | | | | |
CVE-2024-34582 | | | 2024-07-03 | N/A | 6.1 MEDIUM |
Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows cgi/usrPasswd.cgi userid_change XSS within the Forgot Password feature. | | | | | |
CVE-2024-34462 | | | 2024-07-03 | N/A | 6.1 MEDIUM |
Alinto SOGo through 5.10.0 allows XSS during attachment preview. | | | | | |
CVE-2024-34255 | | | 2024-07-03 | N/A | 6.1 MEDIUM |
jizhicms v2.5.1 contains a Cross-Site Scripting (XSS) vulnerability in the message function. | | | | | |
CVE-2024-34241 | | | 2024-07-03 | N/A | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications. | | | | | |
CVE-2024-34091 | | | 2024-07-03 | N/A | 7.3 HIGH |
An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed in the background of the application and renders content inaccessible. 6.14 P3 (6.14.0.3) is also a fixed release. | | | | | |
CVE-2024-34058 | | | 2024-07-03 | N/A | 8.8 HIGH |
The WebTop package for NethServer 7 and 8 allows stored XSS (for example, via the Subject field of an e-mail message). | | | | | |
CVE-2024-33905 | | | 2024-07-03 | N/A | 4.6 MEDIUM |
In Telegram WebK before 2.0.0 (488), a crafted Mini Web App allows XSS via the postMessage web_app_open_link event type. | | | | | |
CVE-2024-33791 | | | 2024-07-03 | N/A | 4.6 MEDIUM |
A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the getTimeZone function. | | | | | |
CVE-2024-33748 | | | 2024-07-03 | N/A | 4.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the search function in Maven net.mingsoft MS Basic 2.1.13.4 and earlier. | | | | | |
CVE-2024-33670 | | | 2024-07-03 | N/A | 4.3 MEDIUM |
Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript due to Content Security Policy (CSP) restrictions, it may still impact the appearance and user interaction of the page. | | | | | |