Total: 28688 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2024-44056 | 1 Cryoutcreations | 1 Mantra | 2024-09-23 | N/A | 5.4 MEDIUM | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Mantra allows Stored XSS. This issue affects Mantra: from n/a through 3.3.2.
CVE-2024-44057 | 1 Cryoutcreations | 1 Nirvana | 2024-09-23 | N/A | 5.4 MEDIUM | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Nirvana allows Stored XSS. This issue affects Nirvana: from n/a through 1.6.3.
CVE-2024-44058 | 1 Cryoutcreations | 1 Parabola | 2024-09-23 | N/A | 5.4 MEDIUM | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Parabola allows Stored XSS. This issue affects Parabola: from n/a through 2.4.1.
CVE-2024-44054 | 1 Cryoutcreations | 1 Fluida | 2024-09-23 | N/A | 5.4 MEDIUM | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Fluida allows Stored XSS. This issue affects Fluida: from n/a through 1.8.8.
CVE-2024-36148 | 1 Adobe | 1 Experience Manager | 2024-09-23 | N/A | 5.4 MEDIUM | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
CVE-2024-6941 | 1 Thinksaas | 1 Thinksaas | 2024-09-20 | 4.0 MEDIUM | 5.4 MEDIUM | A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0. This issue affects some unknown processing of the file app/system/action/do.php. The manipulation of the argument site_title/site_subtitle/site_key/site_desc/site_url/site_email/site_icp leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272063.
CVE-2024-6942 | 1 Thinksaas | 1 Thinksaas | 2024-09-20 | 4.0 MEDIUM | 5.4 MEDIUM | A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Affected is an unknown function of the file app/system/action/anti.php of the component Admin Panel Security Center. The manipulation of the argument ip/email/phone leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272064.
CVE-2024-6939 | 1 Xinhu | 1 Rockoa | 2024-09-20 | 4.0 MEDIUM | 6.1 MEDIUM | A vulnerability was found in Xinhu RockOA 2.6.3 and classified as problematic. Affected by this issue is the function okla of the file /webmain/public/upload/tpl_upload.html. The manipulation of the argument callback leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271994 is the identifier assigned to this vulnerability.
CVE-2024-45595 | 1 Man | 1 D-tale | 2024-09-20 | N/A | 9.8 CRITICAL | D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the "Custom Filter" input is turned off by default.
CVE-2024-45592 | 1 Damienharper | 1 Auditor-bundle | 2024-09-20 | N/A | 6.1 MEDIUM | auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript injection. This is possible because `%source_label%` in twig macro is not escaped. Therefore script tags can be inserted and are executed. The vulnerability is fixed in versions 6.0.0 and 5.2.6.
CVE-2023-4979 | 1 Librenms | 1 Librenms | 2024-09-20 | N/A | 5.4 MEDIUM | Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0.
CVE-2024-43800 | 1 Openjsf | 1 Serve-static | 2024-09-20 | N/A | 4.7 MEDIUM | serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.
CVE-2024-43799 | 1 Send Project | 1 Send | 2024-09-20 | N/A | 4.7 MEDIUM | Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.
CVE-2024-8776 | 1 Intumit | 2 Smartrobot, Smartrobot Firmware | 2024-09-20 | N/A | 6.1 MEDIUM | SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject JavaScript code to the parameter for Reflected Cross-site Scripting attacks.
CVE-2024-43796 | 1 Openjsf | 1 Express | 2024-09-20 | N/A | 4.7 MEDIUM | Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.
CVE-2024-8863 | 1 Aimstack | 1 Aim | 2024-09-20 | 4.0 MEDIUM | 5.4 MEDIUM | A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8866 | 1 Autocms Project | 1 Autocms | 2024-09-20 | 5.0 MEDIUM | 6.1 MEDIUM | A vulnerability was found in AutoCMS 5.4. It has been classified as problematic. This affects an unknown part of the file /admin/robot.php. The manipulation of the argument sidebar leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-50883 | 1 Onlyoffice | 1 Document Server | 2024-09-20 | N/A | 6.1 MEDIUM | ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446.
CVE-2024-46970 | 1 Jetbrains | 1 Intellij Idea | 2024-09-20 | N/A | 6.1 MEDIUM | In JetBrains IntelliJ IDEA before 2024.1, HTML injection via the project name was possible.
CVE-2024-45799 | | | 2024-09-20 | N/A | 7.3 HIGH | FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via vendors/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the shop pages. As a result all logged in to fluxcp users can have their session info stolen. This issue has been addressed in release version 1.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.