Total
28698 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43792 | 1 Halo | 1 Halo | 2024-09-16 | N/A | 6.1 MEDIUM |
| Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.17.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code, potentially leading to a Cross-Site Scripting (XSS) attack. Users are advised to upgrade to version 2.17.0+. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-6052 | 1 Checkmk | 1 Checkmk | 2024-09-16 | N/A | 5.4 MEDIUM |
| Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements | |||||
| CVE-2024-40478 | 1 Jayesh | 1 Online Exam System | 2024-09-16 | N/A | 5.4 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields | |||||
| CVE-2024-44798 | 1 Anujk305 | 1 Bus Pass Management System | 2024-09-16 | N/A | 4.8 MEDIUM |
| phpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site scripting (XSS) in /admin/pass-bwdates-reports-details.php via fromdate and todate parameters. | |||||
| CVE-2024-38640 | 1 Qnap | 1 Download Station | 2024-09-16 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Download Station 5.8.6.283 ( 2024/06/21 ) and later | |||||
| CVE-2024-39926 | 2024-09-14 | N/A | 7.5 HIGH | ||
| An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated attacker to inject malicious code into the dashboard, which is then executed or rendered in the context of an administrator's browser when viewing the injected content. However, it is important to note that the default Content Security Policy (CSP) of the application blocks most exploitation paths, significantly mitigating the potential impact. | |||||
| CVE-2024-27122 | 1 Qnap | 1 Notes Station 3 | 2024-09-13 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: Notes Station 3 3.9.6 and later | |||||
| CVE-2024-32762 | 1 Qnap | 1 Qulog Center | 2024-09-13 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuLog Center 1.8.0.872 ( 2024/06/17 ) and later QuLog Center 1.7.0.827 ( 2024/06/17 ) and later | |||||
| CVE-2024-27125 | 1 Qnap | 1 Helpdesk | 2024-09-13 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following version: Helpdesk 3.3.1 and later | |||||
| CVE-2024-45429 | 1 Wpengine | 1 Advanced Custom Fields | 2024-09-13 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the script may be executed on the web browser of the logged-in user with the same privilege as the attacker's. | |||||
| CVE-2024-27126 | 1 Qnap | 1 Notes Station 3 | 2024-09-13 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: Notes Station 3 3.9.6 and later | |||||
| CVE-2024-5624 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-09-13 | N/A | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session | |||||
| CVE-2024-45057 | 1 Portabilis | 1 I-educar | 2024-09-13 | N/A | 6.1 MEDIUM |
| i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the dynamic generation of HTML fields prior to the 2.9 branch. The file located at `ieducar/intranet/include/clsCampos.inc.php` does not properly validate or sanitize user-controlled input, leading to the vulnerability. Any page that uses this implementation is vulnerable, such as `intranet/educar_curso_lst.php?nm_curso=<payload>`, `intranet/atendidos_lst.php?nm_pessoa=<payload>`, `intranet/educar_abandono_tipo_lst?nome=<payload>`. Commit f2d768534aabc09b2a1fc8a5cc5f9c93925cb273 contains a patch for the issue. | |||||
| CVE-2024-45180 | 1 Squaredup | 1 Squaredup Ds For Scom | 2024-09-13 | N/A | 5.4 MEDIUM |
| SquaredUp DS for SCOM 6.2.1.11104 allows XSS. | |||||
| CVE-2024-8276 | 1 Wpzoom | 1 Wpzoom Portfolio | 2024-09-13 | N/A | 5.4 MEDIUM |
| The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-6082 | 1 Phpvibe | 1 Phpvibe | 2024-09-13 | 3.3 LOW | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in PHPVibe 11.0.46. This issue affects some unknown processing of the file functionalities.global.php of the component Global Options Page. The manipulation of the argument site-logo-text leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268823. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-24386 | 1 Smartertools | 1 Smartertrack | 2024-09-13 | 3.5 LOW | 6.1 MEDIUM |
| Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | |||||
| CVE-2021-38122 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | N/A | 8.2 HIGH |
| A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1 | |||||
| CVE-2024-44851 | 1 Perfexcrm | 1 Perfex Crm | 2024-09-13 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. | |||||
| CVE-2024-6018 | 1 Scriptonite | 1 Music Request Manager | 2024-09-13 | N/A | 6.1 MEDIUM |
| The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | |||||