Total
29034 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34790 | 2024-06-03 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hans van Eijsden,niwreg ImageMagick Sharpen Resized Images allows Stored XSS.This issue affects ImageMagick Sharpen Resized Images: from n/a through 1.1.7. | |||||
| CVE-2024-35645 | 2024-06-03 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vinoth06 Random Banner allows Stored XSS.This issue affects Random Banner: from n/a through 4.2.8. | |||||
| CVE-2024-34766 | 2024-06-03 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic ChaosTheory allows Stored XSS.This issue affects ChaosTheory: from n/a through 1.3. | |||||
| CVE-2024-35642 | 2024-06-03 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bryan Hadaway Site Favicon allows Stored XSS.This issue affects Site Favicon: from n/a through 0.2. | |||||
| CVE-2024-34794 | 2024-06-03 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Reflected XSS.This issue affects Tainacan: from n/a through 0.21.3. | |||||
| CVE-2024-34796 | 2024-06-03 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1. | |||||
| CVE-2024-31889 | 2024-05-31 | N/A | 5.4 MEDIUM | ||
| IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 288136. | |||||
| CVE-2024-31908 | 2024-05-31 | N/A | 6.4 MEDIUM | ||
| IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289890. | |||||
| CVE-2024-31907 | 2024-05-31 | N/A | 5.4 MEDIUM | ||
| IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289889. | |||||
| CVE-2024-36372 | 2024-05-31 | N/A | 4.6 MEDIUM | ||
| In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible | |||||
| CVE-2024-36371 | 2024-05-31 | N/A | 4.6 MEDIUM | ||
| In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible | |||||
| CVE-2024-36370 | 2024-05-31 | N/A | 4.6 MEDIUM | ||
| In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible | |||||
| CVE-2024-36369 | 2024-05-31 | N/A | 4.6 MEDIUM | ||
| In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible | |||||
| CVE-2024-36368 | 2024-05-31 | N/A | 4.6 MEDIUM | ||
| In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible | |||||
| CVE-2024-36367 | 2024-05-31 | N/A | 4.6 MEDIUM | ||
| In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible | |||||
| CVE-2024-36366 | 2024-05-31 | N/A | 5.4 MEDIUM | ||
| In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations | |||||
| CVE-2024-36363 | 2024-05-31 | N/A | 4.6 MEDIUM | ||
| In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible | |||||
| CVE-2024-32877 | 2024-05-31 | N/A | 4.2 MEDIUM | ||
| Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting (XSS) vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 (2.0.49.3). This issue lies in the mechanism for displaying function argument values in the stack trace. The vulnerability manifests when an argument's value exceeds 32 characters. For convenience, argument values exceeding this limit are truncated and displayed with an added "...". The full argument value becomes visible when hovering over it with the mouse, as it is displayed in the title attribute of a span tag. However, the use of a double quote (") allows an attacker to break out of the title attribute's value context and inject their own attributes into the span tag, including malicious JavaScript code through event handlers such as onmousemove. This vulnerability allows an attacker to execute arbitrary JavaScript code in the security context of the victim's site via a specially crafted link. This could lead to the theft of cookies (including httpOnly cookies, which are accessible on the page), content substitution, or complete takeover of user accounts. This issue has been addressed in version 2.0.50. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-5520 | 2024-05-30 | N/A | 6.4 MEDIUM | ||
| Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the “title” field. | |||||
| CVE-2022-43575 | 2024-05-30 | N/A | 5.4 MEDIUM | ||
| IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238645. | |||||