Total
28599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-46238 | 2024-10-23 | N/A | 5.9 MEDIUM | ||
| Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /admin/add-doctor.php and /admin/edit-doctor.php | |||||
| CVE-2024-48709 | 2024-10-23 | N/A | 5.4 MEDIUM | ||
| CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the membershipType parameter in edit_type.php | |||||
| CVE-2024-46239 | 2024-10-23 | N/A | 5.9 MEDIUM | ||
| Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doctor/edit-profile.php and adminremark parameter in /admin/query-details.php. | |||||
| CVE-2024-46236 | 2024-10-23 | N/A | 5.4 MEDIUM | ||
| CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in add_members.php and edit_member.php. | |||||
| CVE-2024-40088 | 2024-10-23 | N/A | 5.3 MEDIUM | ||
| A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request. | |||||
| CVE-2024-10197 | 1 Code-projects | 1 Pharmacy Management System | 2024-10-23 | 3.3 LOW | 4.8 MEDIUM |
| A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /manage_supplier.php of the component Manage Supplier Page. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2024-46237 | 1 Phpgurukul | 1 Hospital Management System | 2024-10-22 | N/A | 5.4 MEDIUM |
| PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php. | |||||
| CVE-2024-10142 | 1 Code-projects | 1 Blood Bank System | 2024-10-22 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /viewrequest.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9848 | 1 K2-service | 1 Product Customizer Light | 2024-10-22 | N/A | 5.4 MEDIUM |
| The Product Customizer Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | |||||
| CVE-2024-10055 | 1 Ninjateam | 1 Click To Chat | 2024-10-22 | N/A | 5.4 MEDIUM |
| The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-10080 | 1 Newsignature | 1 Wp Easy Post Types | 2024-10-22 | N/A | 5.4 MEDIUM |
| The WP Easy Post Types plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-9452 | 1 Gurieveugen\&vitaliyshebela | 1 Branding | 2024-10-22 | N/A | 5.4 MEDIUM |
| The Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | |||||
| CVE-2024-9892 | 1 Arelthiaphillips | 1 Add Widget After Content | 2024-10-22 | N/A | 4.8 MEDIUM |
| The Add Widget After Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
| CVE-2024-10199 | 1 Code-projects | 1 Pharmacy Management | 2024-10-22 | 3.3 LOW | 4.8 MEDIUM |
| A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /manage_medicine.php of the component Manage Medicines Page. The manipulation of the argument name/address/doctor_address/suppliers_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting files to be affected. | |||||
| CVE-2024-10198 | 1 Code-projects | 1 Pharmacy Management | 2024-10-22 | 3.3 LOW | 4.8 MEDIUM |
| A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /manage_customer.php of the component Manage Customer Page. The manipulation of the argument suppliers_name/address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting files to be affected. Other parameters might be affected as well. | |||||
| CVE-2024-43300 | 1 Heimkino-praxis | 1 Movie Database | 2024-10-22 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bert Kößler Movie Database allows Stored XSS.This issue affects Movie Database: from n/a through 1.0.11. | |||||
| CVE-2024-9206 | 1 Madrasthemes | 1 Mas Companies For Wp Job Manager | 2024-10-22 | N/A | 6.1 MEDIUM |
| The MAS Companies For WP Job Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.13. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-9703 | 1 Tychesoftwares | 1 Arconix Shortcodes | 2024-10-22 | N/A | 5.4 MEDIUM |
| The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-9366 | 1 Wpzest | 1 Easy Menu Manager | 2024-10-22 | N/A | 5.4 MEDIUM |
| The Easy Menu Manager | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | |||||
| CVE-2024-10192 | 1 Phpgurukul | 1 Ifsc Code Finder | 2024-10-22 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability has been found in PHPGurukul IFSC Code Finder Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file search.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||