Total: 28698 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-17442 | 1 Blackberry | 1 Unified Endpoint Manager | 2024-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link. | |||||
CVE-2022-45375 | 1 Cyberchimps | 1 Ifeature Slider | 2024-09-17 | N/A | 5.4 MEDIUM |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slider plugin <= 1.2 on WordPress. | |||||
CVE-2020-5000 | 1 Ibm | 1 Financial Transaction Manager | 2024-09-17 | 3.5 LOW | 5.4 MEDIUM |
IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192952. | |||||
CVE-2022-0900 | 1 Netdatasoft | 1 Divvy Drive | 2024-09-17 | 3.5 LOW | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from unspecified before v.4.6.2.0. | |||||
CVE-2022-2266 | 1 Yordam | 1 Library Automation System | 2024-09-16 | N/A | 6.1 MEDIUM |
University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. This has been fixed in version 19.2. | |||||
CVE-2021-36826 | 1 Wedevs | 1 Wp Project Manager | 2024-09-16 | 3.5 LOW | 5.4 MEDIUM |
Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions. | |||||
CVE-2023-46950 | | | 2024-09-16 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions. | |||||
CVE-2022-27852 | 1 Wpchill | 1 Kb Support | 2024-09-16 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5 versions. | |||||
CVE-2021-36827 | 1 Ninjaforms | 1 Ninja Forms | 2024-09-16 | 3.5 LOW | 4.8 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label". | |||||
CVE-2021-23209 | 1 Ampforwp | 1 Accelerated Mobile Pages | 2024-09-16 | 3.5 LOW | 4.8 MEDIUM |
Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32). | |||||
CVE-2021-36828 | 1 Wp Maintenance Project | 1 Wp Maintenance | 2024-09-16 | 3.5 LOW | 4.8 MEDIUM |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance plugin <= 6.0.7 versions. | |||||
CVE-2022-36965 | 1 Solarwinds | 1 Solarwinds Platform | 2024-09-16 | N/A | 6.1 MEDIUM |
Insufficient sanitization of inputs in QoE application input field could lead to stored and DOM-based XSS attacks. This issue is fixed and released in SolarWinds Platform (2022.3.0). | |||||
CVE-2021-44760 | 1 Wp-downloadmanager Project | 1 Wp-downloadmanager | 2024-09-16 | 3.5 LOW | 5.4 MEDIUM |
Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager plugin <= 1.68.6 versions. | |||||
CVE-2021-36823 | 1 Cusmin | 1 Absolutely Glamorous Custom Admin | 2024-09-16 | 3.5 LOW | 8.2 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cusmin AGCA - Absolutely Glamorous Custom Admin (WordPress plugin) allows Stored XSS. This issue affects AGCA - Absolutely Glamorous Custom Admin (WordPress plugin): from n/a through 6.8. | |||||
CVE-2021-23150 | 1 Ampforwp | 1 Accelerated Mobile Pages | 2024-09-16 | 3.5 LOW | 4.8 MEDIUM |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.31 versions. | |||||
CVE-2024-45856 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI. | |||||
CVE-2024-45621 | 1 Rocket.chat | 1 Rocket.chat | 2024-09-16 | N/A | 5.4 MEDIUM |
The Electron desktop application of Rocket.Chat through 6.3.4 allows stored XSS via links in an uploaded file, related to failure to use a separate browser upon encountering third-party external actions from PDF documents. | |||||
CVE-2024-28100 | 1 Elabftw | 1 Elabftw | 2024-09-16 | N/A | 5.4 MEDIUM |
eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a list of experiments. Viewing this allows the malicious script to act on behalf of the visitor in any way, including the creation of API keys for persistence, or other options normally available to the user. If the user viewing the page has the sysadmin role in eLabFTW, the script can act as a sysadmin (including system configuration and extensive user management roles). Users are advised to upgrade to at least version 5.0.0. There are no known workarounds for this vulnerability. | |||||
CVE-2021-23174 | 1 Wpchill | 1 Download Monitor | 2024-09-16 | 3.5 LOW | 4.8 MEDIUM |
Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). Vulnerable parameters: &post_title, &downloadable_file_version[0]. | |||||
CVE-2024-43793 | 1 Halo | 1 Halo | 2024-09-16 | N/A | 6.4 MEDIUM |
Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.19.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code, potentially leading to a Cross-Site Scripting (XSS) attack. This vulnerability is fixed in 2.19.0. |