Total
29022 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-31401 | | | 2024-07-03 | N/A | 9.0 CRITICAL |
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product. | | | | | |
CVE-2024-30989 | | | 2024-07-03 | N/A | N/A |
Cross Site Scripting vulnerability in /edit-client-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code via the "cname", "comname", "state" and "city" parameter. | | | | | |
CVE-2024-30953 | | | 2024-07-03 | N/A | 6.1 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module. | | | | | |
CVE-2024-30951 | | | 2024-07-03 | N/A | N/A |
FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php. | | | | | |
CVE-2024-30950 | | | 2024-07-03 | N/A | 3.5 LOW |
A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php. | | | | | |
CVE-2024-30931 | | | 2024-07-03 | N/A | 6.1 MEDIUM |
Stored Cross Site Scripting vulnerability in Emby Media Server Emby Media Server 4.8.3.0 allows a remote attacker to escalate privileges via the notifications.html component. | | | | | |
CVE-2024-30929 | | | 2024-07-03 | N/A | 8.0 HIGH |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' Parameter in playlist.php. | | | | | |
CVE-2024-30927 | | | 2024-07-03 | N/A | 6.3 MEDIUM |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component. | | | | | |
CVE-2024-30926 | | | 2024-07-03 | N/A | 4.6 MEDIUM |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component. | | | | | |
CVE-2024-30925 | | | 2024-07-03 | N/A | 6.5 MEDIUM |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component. | | | | | |
CVE-2024-30921 | | | 2024-07-03 | N/A | 5.4 MEDIUM |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component. | | | | | |
CVE-2024-30920 | | | 2024-07-03 | N/A | 7.4 HIGH |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component. | | | | | |
CVE-2024-30419 | | | 2024-07-03 | N/A | 5.4 MEDIUM |
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege who can log in to the product may execute an arbitrary script on the web browser of the user who accessed the website using the product. | | | | | |
CVE-2024-2697 | | | 2024-07-03 | N/A | 6.5 MEDIUM |
The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | | | | | |
CVE-2024-29660 | | | 2024-07-03 | N/A | 5.3 MEDIUM |
Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local attacker to execute arbitrary code via a crafted payload to the stepselect_main.php component. | | | | | |
CVE-2024-29376 | | | 2024-07-03 | N/A | N/A |
Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Province" field in Address Book. | | | | | |
CVE-2024-29217 | | | 2024-07-03 | N/A | 4.6 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the website to create such an attack. Users are recommended to upgrade to version [1.3.0], which fixes the issue. | | | | | |
CVE-2024-28734 | | | 2024-07-03 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter. | | | | | |
CVE-2024-28722 | | | 2024-07-03 | N/A | 6.3 MEDIUM |
Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint. | | | | | |
CVE-2024-28063 | | | 2024-07-03 | N/A | 6.1 MEDIUM |
Kiteworks Totemomail through 7.0.0 allows /responsiveUI/EnvelopeOpenServlet envelopeRecipient reflected XSS. | | | | | |