Total
35694 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7709 | 2024-08-17 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, has been found in OcoMon 4.0RC1/4.0/5.0RC1. This issue affects some unknown processing of the file /includes/common/require_access_recovery.php of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.1 and 5.0 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2024-38108 | 1 Microsoft | 1 Azure Stack Hub | 2024-08-16 | N/A | 9.3 CRITICAL |
| Azure Stack Hub Spoofing Vulnerability | |||||
| CVE-2024-38211 | 1 Microsoft | 1 Dynamics 365 | 2024-08-15 | N/A | 8.2 HIGH |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2024-7343 | 1 Baidu | 1 Ueditor | 2024-08-15 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source[] leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273274 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7678 | 1 Oretnom23 | 1 Car Driving School Management System | 2024-08-15 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_package. The manipulation of the argument name/description/training_duration leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7677 | 1 Oretnom23 | 1 Car Driving School Management System | 2024-08-15 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is the function update_settings_info of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument contact/address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7657 | 1 Gilacms | 1 Gila Cms | 2024-08-15 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/update_rows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-33993 | 1 Janobe | 1 School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in /candidate/index.php'. | |||||
| CVE-2024-33992 | 1 Janobe | 1 School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/student/index.php'. | |||||
| CVE-2024-33991 | 1 Janobe | 1 School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/eventwinner/index.php'. | |||||
| CVE-2024-33990 | 1 Janobe | 1 School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the 'id' and 'view' parameters in '/user/index.php'. | |||||
| CVE-2024-33989 | 1 Janobe | 1 School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the 'eventdate' and 'events' parameters in 'port/event_print.php'. | |||||
| CVE-2024-33985 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/course/index.php'. | |||||
| CVE-2024-33986 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/department/index.php'. | |||||
| CVE-2024-33987 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate', 'YearLevel', 'eventdate', 'events', 'Users' and 'YearLevel' parameters in '/report/index.php'. | |||||
| CVE-2024-33988 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/report/attendance_print.php'. | |||||
| CVE-2024-33984 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/AttendanceMonitoring/report/index.php'. | |||||
| CVE-2024-33983 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/AttendanceMonitoring/report/attendance_print.php'. | |||||
| CVE-2024-33982 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'StudentID' parameter in '/AttendanceMonitoring/student/controller.php'. | |||||
| CVE-2024-33978 | 1 Janobe | 1 Young Entrepreneur E-negosyo System | 2024-08-15 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'category' parameter in '/index.php'. | |||||