Total
37144 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-52526 | 1 Librenms | 1 Librenms | 2024-11-20 | N/A | 5.4 MEDIUM |
| LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0. | |||||
| CVE-2024-50352 | 1 Librenms | 1 Librenms | 2024-11-20 | N/A | 5.4 MEDIUM |
| LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" section of the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0. | |||||
| CVE-2024-20538 | 1 Cisco | 1 Identity Services Engine | 2024-11-20 | N/A | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface on an affected system to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2024-11246 | 1 Anisha | 1 Farmacia | 2024-11-20 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in code-projects Farmacia 1.0. Affected is an unknown function of the file /adicionar-cliente.php. The manipulation of the argument nome/cpf/dataNascimento leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter "nome" to be affected. But further inspection indicates that other parameters might be affected as well. | |||||
| CVE-2024-11098 | 2024-11-19 | N/A | 5.5 MEDIUM | ||
| The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | |||||
| CVE-2024-50522 | 2024-11-19 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Redy Ru WeChat Subscribers Lite allows Reflected XSS.This issue affects WeChat Subscribers Lite : from n/a through 1.6.6. | |||||
| CVE-2024-52340 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Marty Thornley Photographer Connections allows Stored XSS.This issue affects Photographer Connections: from n/a through 1.3.1. | |||||
| CVE-2024-11195 | 2024-11-19 | N/A | 6.4 MEDIUM | ||
| The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's print_email_subscribe_form shortcode in all versions up to, and including, 1.2.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-51808 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pat O’Brien codeSnips allows Stored XSS.This issue affects codeSnips: from n/a through 1.2. | |||||
| CVE-2024-52343 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Offshorent Softwares Pvt. Ltd. | Jinesh.P.V OS Pricing Tables allows Stored XSS.This issue affects OS Pricing Tables: from n/a through 1.2. | |||||
| CVE-2024-50541 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enea Overclokk Advanced Control Manager for WordPress by ItalyStrap allows Stored XSS.This issue affects Advanced Control Manager for WordPress by ItalyStrap: from n/a through 2.16.0. | |||||
| CVE-2024-51832 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plenigo Plenigo allows Stored XSS.This issue affects Plenigo: from n/a through 1.12.0. | |||||
| CVE-2024-50552 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Pancake Hover Video Preview allows Stored XSS.This issue affects Hover Video Preview: from n/a through 1.0.2. | |||||
| CVE-2024-51940 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sohelwpexpert WP Responsive Video allows DOM-Based XSS.This issue affects WP Responsive Video: from n/a through 1.0. | |||||
| CVE-2024-52339 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mage Cast Mage Front End Forms allows Stored XSS.This issue affects Mage Front End Forms: from n/a through 1.1.4. | |||||
| CVE-2024-51807 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Black and White Digital Ltd AgendaPress – Easily Publish Meeting Agendas and Programs on WordPress allows Stored XSS.This issue affects AgendaPress – Easily Publish Meeting Agendas and Programs on WordPress: from n/a through 1.0.8. | |||||
| CVE-2024-51809 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in George Rood Keymaster Chord Notation Free allows Stored XSS.This issue affects Keymaster Chord Notation Free: from n/a through 1.0.2. | |||||
| CVE-2024-50553 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Classy Addons Classy Addons for Elementor allows DOM-Based XSS.This issue affects Classy Addons for Elementor: from n/a through 1.2.7. | |||||
| CVE-2024-52418 | 2024-11-19 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CactusThemes Gameplan allows Reflected XSS.This issue affects Gameplan: from n/a through 1.5.10. | |||||
| CVE-2024-51804 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Matsuoka Moka Get Posts Shortcode allows DOM-Based XSS.This issue affects Moka Get Posts Shortcode: from n/a through 1.0. | |||||