Total
29034 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-5521 | | | 2024-05-30 | N/A | 6.4 MEDIUM |
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having the roles of gallery editor or VFS resource manager to upload images in the .svg format containing JavaScript code. The code will be executed the moment another user accesses the image. | |||||
CVE-2022-43384 | | | 2024-05-30 | N/A | 4.6 MEDIUM |
IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238645. | |||||
CVE-2024-4645 | | | 2024-05-29 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /Admin/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263489 was assigned to this vulnerability. | |||||
CVE-2019-1218 | 1 Microsoft | 1 Outlook | 2024-05-29 | 3.5 LOW | 5.4 MEDIUM |
A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user. The security update addresses the vulnerability by correcting how Outlook iOS parses specially crafted email messages. | |||||
CVE-2019-1203 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-05-29 | 3.5 LOW | 5.4 MEDIUM |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. | |||||
CVE-2024-36373 | | | 2024-05-29 | N/A | 4.6 MEDIUM |
In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible | |||||
CVE-2024-36374 | | | 2024-05-29 | N/A | 4.6 MEDIUM |
In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible | |||||
CVE-2024-36110 | | | 2024-05-29 | N/A | 8.2 HIGH |
ansibleguy-webui is an open source WebUI for using Ansible. Multiple forms in versions < 0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser. These issues have been addressed in version 0.0.21 (0.0.21.post2 on pypi). Users are advised to upgrade. There are no known workarounds for these issues. | |||||
CVE-2024-35239 | | | 2024-05-29 | N/A | 2.7 LOW |
Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit Forms may inject unsafe code into Forms components. This issue can be mitigated by configuring TitleAndDescription:AllowUnsafeHtmlRendering after upgrading to one of the patched versions (13.0.1, 12.2.2, 10.5.3, 8.13.13). | |||||
CVE-2024-36109 | | | 2024-05-29 | N/A | 7.6 HIGH |
CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows `<script>` tags to be included which execute when published. This issue has been addressed in commit `419862a9c9879c`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2024-35240 | | | 2024-05-29 | N/A | 5.4 MEDIUM |
Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting (XSS) issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-24921 | 1 Microsoft | 1 Dynamics 365 | 2024-05-29 | N/A | 5.4 MEDIUM |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
CVE-2023-24920 | 1 Microsoft | 1 Dynamics 365 | 2024-05-29 | N/A | 5.4 MEDIUM |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
CVE-2023-24919 | 1 Microsoft | 1 Dynamics 365 | 2024-05-29 | N/A | 5.4 MEDIUM |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
CVE-2023-24891 | 1 Microsoft | 1 Dynamics 365 | 2024-05-29 | N/A | 5.4 MEDIUM |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
CVE-2023-23408 | 1 Microsoft | 1 Azure Hdinsights | 2024-05-29 | N/A | 4.5 MEDIUM |
Azure Apache Ambari Spoofing Vulnerability | |||||
CVE-2023-23383 | 1 Microsoft | 1 Azure Service Fabric | 2024-05-29 | N/A | 4.7 MEDIUM |
Service Fabric Explorer Spoofing Vulnerability | |||||
CVE-2023-38164 | 1 Microsoft | 1 Dynamics 365 | 2024-05-29 | N/A | 5.4 MEDIUM |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
CVE-2023-36886 | 1 Microsoft | 1 Dynamics 365 | 2024-05-29 | N/A | 5.4 MEDIUM |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
CVE-2023-36800 | 1 Microsoft | 1 Dynamics 365 | 2024-05-29 | N/A | 5.4 MEDIUM |
Dynamics Finance and Operations Cross-site Scripting Vulnerability |