Total: 28599 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2024-2278 | | | 2024-10-27 | N/A | 6.1 MEDIUM | Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVE-2022-34562 | | | 2024-10-27 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the status box.
CVE-2022-34560 | | | 2024-10-27 | N/A | 7.1 HIGH | A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter.
CVE-2024-37392 | 1 Smseagle | 1 Smseagle | 2024-10-27 | N/A | 6.1 MEDIUM | A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software versions before 6.0. The application did not properly sanitize user input in SMS messages shown in the inbox, so an attacker can inject malicious JavaScript into an SMS message that executes when the message is viewed and interacted with in the web GUI.
CVE-2024-37031 | | | 2024-10-27 | N/A | 6.1 MEDIUM | The Active Admin (aka activeadmin) framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities (to be later edited in forms) with arbitrary names, aka a "dynamic form legends" issue. 4.0.0.beta7 is also a fixed version.
CVE-2024-30879 | | | 2024-10-27 | N/A | 6.1 MEDIUM | Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function.
CVE-2024-21725 | | | 2024-10-27 | N/A | 6.1 MEDIUM | Inadequate escaping of mail addresses leads to XSS vulnerabilities in various components.
CVE-2024-48707 | 1 O-dyn | 1 Collabtive | 2024-10-25 | N/A | 5.4 MEDIUM | Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within the managemilestone.php file and (b) action=addpro within the admin.php file.
CVE-2024-48708 | 1 O-dyn | 1 Collabtive | 2024-10-25 | N/A | 5.4 MEDIUM | Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action=add/edit and (b) file admin.php under action=adduser/edituser.
CVE-2024-46240 | 1 O-dyn | 1 Collabtive | 2024-10-25 | N/A | 4.8 MEDIUM | Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within the admin.php file.
CVE-2024-48706 | 1 O-dyn | 1 Collabtive | 2024-10-25 | N/A | 5.4 MEDIUM | Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively.
CVE-2024-22855 | 1 Itssglobal | 1 Imlog | 2024-10-25 | N/A | 5.4 MEDIUM | A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter.
CVE-2024-43573 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-10-25 | N/A | 8.1 HIGH | Windows MSHTML Platform Spoofing Vulnerability
CVE-2024-48415 | 1 Loan Management System Project | 1 Loan Management System | 2024-10-25 | N/A | 5.0 MEDIUM | itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in the new borrowers functionality on the Borrowers page.
CVE-2024-48652 | 1 Tuzitio | 1 Camaleon Cms | 2024-10-25 | N/A | 4.8 MEDIUM | Cross Site Scripting vulnerability in camaleon-cms v2.7.5 allows a remote attacker to execute arbitrary code via the content group name field.
CVE-2024-8500 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2024-10-25 | N/A | 5.4 MEDIUM | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 7.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-10250 | 1 Steelthemes | 1 Nioland | 2024-10-25 | N/A | 6.1 MEDIUM | The Nioland theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2024-30160 | 1 Mitel | 1 Micollab | 2024-10-25 | N/A | 4.8 MEDIUM | A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts.
CVE-2024-30159 | 1 Mitel | 1 Micollab | 2024-10-25 | N/A | 4.8 MEDIUM | A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts.
CVE-2024-48927 | 1 Umbraco | 1 Umbraco Cms | 2024-10-25 | N/A | 4.6 MEDIUM | Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they "preview" SVG files in full screen mode. Versions 13.5.2, 10.8.7, and 8.18.15 contain a patch for the issue. As a workaround, server-side file validation is available to strip script tags from the file's content during the file upload process.
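The Umbraco entry's workaround ("strip script tags" from uploaded SVG) is a common first fix for SVG-based XSS, but an SVG rendered inline can also run script from event-handler attributes, `javascript:` hrefs and `foreignObject` payloads. The following Python sketch is an added example, not code from Umbraco or any other project in the list: it parses an uploaded SVG with the standard library, removes those vectors, and reports what it removed. The function name `sanitize_svg`, the tag and attribute deny-lists, and the sample file `MALICIOUS_SVG` are the author's own choices and constructed input, not taken from any advisory.

```python
"""Added example: server-side sanitization of an uploaded SVG before it is
stored or previewed. Illustrative only; not code from any listed project."""
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
# Keep the serialized output readable (default namespace for SVG, xlink prefix).
ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", XLINK_NS)

# Elements that execute script or embed arbitrary HTML when the SVG is rendered
# inline. Deny-list chosen for this example; extend it for your renderer.
DANGEROUS_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}


def _local(tag):
    """Strip the namespace from an ElementTree name ('{ns}script' -> 'script')."""
    return tag.rsplit("}", 1)[-1]


def _is_script_url(value):
    """True if a URL attribute would run script: browsers drop whitespace and
    control characters before matching the scheme, so collapse them first."""
    cleaned = re.sub(r"[\s\x00-\x1f]", "", value).lower()
    return cleaned.startswith("javascript:") or cleaned.startswith("data:text/html")


def sanitize_svg(data):
    """Return (sanitized_svg_bytes, removed_items). Raises ValueError if the
    root element is not <svg>. For untrusted XML in production prefer a
    hardened parser such as defusedxml (assumption: stdlib ET is used here
    only to keep the example dependency-free)."""
    root = ET.fromstring(data)
    if _local(root.tag) != "svg":
        raise ValueError("not an SVG document")
    removed = []

    # Pass 1: drop dangerous elements (and their subtrees). Iterate over a
    # snapshot so removals do not disturb traversal.
    for parent in list(root.iter()):
        for child in list(parent):
            if _local(child.tag) in DANGEROUS_TAGS:
                parent.remove(child)
                removed.append("element:" + _local(child.tag))

    # Pass 2: drop event handlers (on*) and script-scheme hrefs, including
    # the legacy xlink:href form that SVG 1.1 files still use.
    for el in root.iter():
        for attr in list(el.attrib):
            name = _local(attr).lower()
            if name.startswith("on"):
                del el.attrib[attr]
                removed.append("attr:" + _local(attr))
            elif name == "href" and _is_script_url(el.attrib[attr]):
                del el.attrib[attr]
                removed.append("attr:" + _local(attr))

    return ET.tostring(root, encoding="utf-8"), removed


# Constructed sample upload: only the <script> element would be caught by a
# "strip script tags" filter; the other three vectors would survive it.
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <script>alert(1)</script>
  <rect width="10" height="10" onload="alert(2)"/>
  <a xlink:href="java&#x09;script:alert(3)"><text>click</text></a>
  <foreignObject><body xmlns="http://www.w3.org/1999/xhtml"><img src="x" onerror="alert(4)"/></body></foreignObject>
  <circle r="5" fill="red"/>
</svg>"""

CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5" fill="blue"/></svg>'


if __name__ == "__main__":
    out, removed = sanitize_svg(MALICIOUS_SVG)
    print("removed:", removed)
    print(out.decode())
```

Run it on the constructed sample and four items are removed: the `script` and `foreignObject` elements, the `onload` handler and the tab-obfuscated `javascript:` href. Note that this is a deny-list; for a preview feature the safer design is to serve uploaded SVGs from a separate origin (or as `<img>`, which never runs script) rather than to rely on sanitization alone.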