Total
25564 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34420 | 2024-05-14 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in talspotim Comments Evolved for WordPress allows Stored XSS.This issue affects Comments Evolved for WordPress: from n/a through 1.6.3. | |||||
| CVE-2024-31444 | 2024-05-14 | N/A | 4.6 MEDIUM | ||
| Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in `form_confirm()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue. | |||||
| CVE-2024-34415 | 2024-05-14 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Thim Elementor Kit allows Stored XSS.This issue affects Thim Elementor Kit: from n/a through 1.1.8. | |||||
| CVE-2024-33953 | 2024-05-14 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt van Andel Adventure Journal allows Stored XSS.This issue affects Adventure Journal: from n/a through 1.7.2. | |||||
| CVE-2024-34418 | 2024-05-14 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tech9logy Creators WPCS ( WordPress Custom Search ) allows Stored XSS.This issue affects WPCS ( WordPress Custom Search ): from n/a through 1.1. | |||||
| CVE-2024-34437 | 2024-05-14 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.24. | |||||
| CVE-2024-34426 | 2024-05-14 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benoti Brozzme Scroll Top allows Stored XSS.This issue affects Brozzme Scroll Top: from n/a through 1.8.5. | |||||
| CVE-2024-4724 | 2024-05-14 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability, which was classified as problematic, was found in Campcodes Legal Case Management System 1.0. Affected is an unknown function of the file /admin/case-type. The manipulation of the argument case_type_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263802 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-4717 | 2024-05-14 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /model/update_classroom.php. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263795. | |||||
| CVE-2024-3794 | 2024-05-14 | N/A | 4.8 MEDIUM | ||
| Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/AdvancedSystem, description field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data. | |||||
| CVE-2024-4730 | 2024-05-14 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability classified as problematic has been found in Campcodes Legal Case Management System 1.0. Affected is an unknown function of the file /admin/judge. The manipulation of the argument judge_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263808. | |||||
| CVE-2024-4720 | 2024-05-14 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /model/approve_petty_cash.php. The manipulation of the argument admin_index leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263798 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-4678 | 2024-05-14 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /view/find_friends.php. The manipulation of the argument my_type leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263599. | |||||
| CVE-2024-3796 | 2024-05-14 | N/A | 4.8 MEDIUM | ||
| Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupSchedule, description field. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data. | |||||
| CVE-2024-4735 | 2024-05-14 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability has been found in Campcodes Legal Case Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tasks. The manipulation of the argument task_subject leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263821 was assigned to this vulnerability. | |||||
| CVE-2024-4685 | 2024-05-14 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/exam_timetable.php. The manipulation of the argument exam leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263626 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-4747 | 2024-05-14 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Propovoice Propovoice CRM allows Stored XSS.This issue affects Propovoice CRM: from n/a through 1.7.6.2. | |||||
| CVE-2024-4715 | 2024-05-14 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /model/update_grade.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263793 was assigned to this vulnerability. | |||||
| CVE-2024-35167 | 2024-05-14 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.8. | |||||
| CVE-2024-4823 | 2024-05-14 | N/A | 6.5 MEDIUM | ||
| Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index '/schoolerp/office_admin/' in the parameters es_bankacc, es_bank_name, es_bank_pin, es_checkno, es_teller_number, dc1 and dc2. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session. | |||||