Total: 29034 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-30926 | | | 2024-07-03 | N/A | 4.6 MEDIUM |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component. | |||||
CVE-2024-30925 | | | 2024-07-03 | N/A | 6.5 MEDIUM |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component. | |||||
CVE-2024-30921 | | | 2024-07-03 | N/A | 5.4 MEDIUM |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component. | |||||
CVE-2024-30920 | | | 2024-07-03 | N/A | 7.4 HIGH |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component. | |||||
CVE-2024-30419 | | | 2024-07-03 | N/A | 5.4 MEDIUM |
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege who can log in to the product may execute an arbitrary script on the web browser of the user who accessed the website using the product. | |||||
CVE-2024-2697 | | | 2024-07-03 | N/A | 6.5 MEDIUM |
The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2024-29660 | | | 2024-07-03 | N/A | 5.3 MEDIUM |
Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local attacker to execute arbitrary code via a crafted payload to the stepselect_main.php component. | |||||
CVE-2024-29376 | | | 2024-07-03 | N/A | N/A |
Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Province" field in Address Book. | |||||
CVE-2024-29217 | | | 2024-07-03 | N/A | 4.6 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the website to create such an attack. Users are recommended to upgrade to version [1.3.0], which fixes the issue. | |||||
CVE-2024-28734 | | | 2024-07-03 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter. | |||||
CVE-2024-28722 | | | 2024-07-03 | N/A | 6.3 MEDIUM |
Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint. | |||||
CVE-2024-28063 | | | 2024-07-03 | N/A | 6.1 MEDIUM |
Kiteworks Totemomail through 7.0.0 allows /responsiveUI/EnvelopeOpenServlet envelopeRecipient reflected XSS. | |||||
CVE-2024-27794 | | | 2024-07-03 | N/A | 4.3 MEDIUM |
Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML contents of the login error message on the login page. | |||||
CVE-2024-27752 | | | 2024-07-03 | N/A | 5.4 MEDIUM |
Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the Default Keyword field in the settings function. | |||||
CVE-2024-27593 | | | 2024-07-03 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the Filter function of Eramba Version 3.22.3 Community Edition allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the filter name field. This vulnerability has been fixed in version 3.23.0. | |||||
CVE-2024-27314 | | | 2024-07-03 | N/A | 2.4 LOW |
Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users. | |||||
CVE-2024-25297 | 1 Bludit | 1 Bludit | 2024-07-03 | N/A | 4.8 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php. | |||||
CVE-2024-24157 | | | 2024-07-03 | N/A | N/A |
Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea48618d957332d90f6d40e4 is vulnerable to Cross Site Scripting (XSS) via board.py. | |||||
CVE-2024-24130 | 1 Mail2world | 1 Mail2world | 2024-07-03 | N/A | 6.1 MEDIUM |
Mail2World v12 Business Control Center was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Usr parameter at resellercenter/login.asp. | |||||
CVE-2024-23188 | | | 2024-07-03 | N/A | 6.5 MEDIUM |
Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the user's browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding attachment information to the web interface. No publicly available exploits are known. | |||||