Total
28674 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44047 | 1 Idxbroker | 1 Impress For Idx Broker | 2024-09-24 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in IDX Broker IMPress for IDX Broker allows Stored XSS.This issue affects IMPress for IDX Broker: from n/a through 3.2.2. | |||||
| CVE-2024-44049 | 1 Themehunk | 1 Gutenberg Blocks | 2024-09-24 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks – Unlimited blocks For Gutenberg allows Stored XSS.This issue affects Gutenberg Blocks – Unlimited blocks For Gutenberg: from n/a through 1.2.7. | |||||
| CVE-2024-44050 | 1 Cryoutcreations | 1 Verbosa | 2024-09-24 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Verbosa allows Stored XSS.This issue affects Verbosa: from n/a through 1.2.3. | |||||
| CVE-2024-44051 | 1 Vanderwijk | 1 Content Blocks | 2024-09-24 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS.This issue affects Content Blocks (Custom Post Widget): from n/a through 3.3.5. | |||||
| CVE-2024-45451 | 1 Cryoutcreations | 1 Roseta | 2024-09-24 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Roseta allows Stored XSS.This issue affects Roseta: from n/a through 1.3.0. | |||||
| CVE-2024-43985 | 1 Mage-people | 1 Bus Ticket Booking With Seat Reservation | 2024-09-24 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Stored XSS.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through 5.3.5. | |||||
| CVE-2017-9419 | 1 Webhammer | 1 Wp Custom Fields Search | 2024-09-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter. | |||||
| CVE-2024-43977 | 1 Posimyth | 1 The Plus Addons For Elementor | 2024-09-24 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.2. | |||||
| CVE-2024-45399 | 1 Cern | 1 Indico | 2024-09-24 | N/A | 6.1 MEDIUM |
| Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.5.5, there is a Cross-Site-Scripting vulnerability during account creation when redirecting to the `next` URL. Exploitation requires initiating the account creation process with a maliciously crafted link, and then finalizing the signup process. Because of this, it can only target newly created (and thus unprivileged) Indico users. Indico 3.3.4 upgrades the dependency on Flask-Multipass to version 0.5.5, which fixes the issue. Those who build the Indico package themselves and cannot upgrade can update the `flask-multipass` dependency to `>=0.5.5` which fixes the vulnerability. Otherwise one could configure one's web server to disallow requests containing a query string with a `next` parameter that starts with `javascript:`. | |||||
| CVE-2024-46372 | 1 Dedecms | 1 Dedecms | 2024-09-24 | N/A | 6.1 MEDIUM |
| DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module. | |||||
| CVE-2024-3402 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2024-09-24 | N/A | 5.4 MEDIUM |
| A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model, allowing for the injection and execution of malicious JavaScript code within the context of a user's browser. This vulnerability can lead to the execution of arbitrary JavaScript code in the context of other users' browsers, potentially resulting in the hijacking of victims' browsers. | |||||
| CVE-2022-25774 | 1 Acquia | 1 Mautic | 2024-09-23 | N/A | 5.4 MEDIUM |
| Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic. Users could inject malicious code into the notification when saving Dashboards. | |||||
| CVE-2024-8660 | 1 Concretecms | 1 Concrete Cms | 2024-09-23 | N/A | 4.8 MEDIUM |
| Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS vulnerability in the "Top Navigator Bar" block. Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the home page.The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N . This does not affect versions below 9.0.0 since they do not have the Top Navigator Bar Block. Thanks, Chu Quoc Khanh for reporting. | |||||
| CVE-2024-6059 | 1 Ingenico | 1 Estate Management | 2024-09-23 | 3.3 LOW | 4.8 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. This issue affects some unknown processing of the file /emgui/rest/ums/messages of the component News Feed. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-6058 | 1 Labvantage | 1 Laboratory Information Management System | 2024-09-23 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in LabVantage LIMS 2017. This affects an unknown part of the file /labvantage/rc?command=page&page=SampleHistoricalList&_iframename=list&__crc=crc_1701669816260. The manipulation of the argument height/width leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268785 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-43874 | 1 E107 | 1 E107 Cms | 2024-09-23 | N/A | 5.4 MEDIUM |
| Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu. | |||||
| CVE-2023-43879 | 1 Ritecms | 1 Ritecms | 2024-09-23 | N/A | 4.8 MEDIUM |
| Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu. | |||||
| CVE-2023-41447 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-09-23 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component. | |||||
| CVE-2023-41446 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-09-23 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component. | |||||
| CVE-2024-46976 | 1 Backstage | 1 Backstage | 2024-09-23 | N/A | 5.4 MEDIUM |
| Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||