Total
29022 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-33631 | 2024-07-03 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Stored XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. | |||||
| CVE-2024-33525 | 2024-07-03 | N/A | 4.3 MEDIUM | ||
| A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.29 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload. | |||||
| CVE-2024-33424 | 2024-07-03 | N/A | 6.1 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section. | |||||
| CVE-2024-33401 | 2024-07-03 | N/A | N/A | ||
| Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to run arbitrary code via the mnum parameter. | |||||
| CVE-2024-33306 | 2024-07-03 | N/A | 7.4 HIGH | ||
| SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" parameter in Create User. | |||||
| CVE-2024-33305 | 2024-07-03 | N/A | N/A | ||
| SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Middle Name" parameter in Create User. | |||||
| CVE-2024-33304 | 2024-07-03 | N/A | 6.1 MEDIUM | ||
| SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" under Add Users. | |||||
| CVE-2024-33303 | 2024-07-03 | N/A | 8.2 HIGH | ||
| SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" under Add Users. | |||||
| CVE-2024-33302 | 2024-07-03 | N/A | 5.3 MEDIUM | ||
| SourceCodester Product Show Room 1.0 and before is vulnerable to Cross Site Scripting (XSS) via "Middle Name" under Add Users. | |||||
| CVE-2024-33300 | 2024-07-03 | N/A | 7.3 HIGH | ||
| Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files. | |||||
| CVE-2024-33113 | 2024-07-03 | N/A | 5.3 MEDIUM | ||
| D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php. | |||||
| CVE-2024-33102 | 2024-07-03 | N/A | 5.4 MEDIUM | ||
| A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter. | |||||
| CVE-2024-33101 | 2024-07-03 | N/A | 6.1 MEDIUM | ||
| A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter. | |||||
| CVE-2024-33007 | 2024-07-03 | N/A | 3.5 LOW | ||
| PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript (or any harmful client-side script), the PDFViewer will execute the JavaScript embedded in the PDF which can cause a potential security threat. | |||||
| CVE-2024-32745 | 2024-07-03 | N/A | 5.9 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module. | |||||
| CVE-2024-32744 | 2024-07-03 | N/A | 4.6 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module. | |||||
| CVE-2024-32743 | 2024-07-03 | N/A | 5.5 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module. | |||||
| CVE-2024-32674 | 2024-07-03 | N/A | 5.4 MEDIUM | ||
| Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. | |||||
| CVE-2024-32405 | 2024-07-03 | N/A | 2.6 LOW | ||
| Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function. | |||||
| CVE-2024-32392 | 2024-07-03 | N/A | 4.5 MEDIUM | ||
| Cross Site Scripting vulnerability in CmSimple v.5.15 allows a remote attacker to execute arbitrary code via the functions.php component. | |||||