Vulnerabilities (CVE)

Filtered by CWE-79
Total 28699 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-44797 1 Gazelle Project 1 Gazelle 2024-09-06 N/A 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in the component /managers/enable_requests.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the view parameter.
CVE-2024-42009 1 Roundcube 1 Webmail 2024-09-06 N/A 9.3 CRITICAL
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
CVE-2024-42008 1 Roundcube 1 Webmail 2024-09-06 N/A 9.3 CRITICAL
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.
CVE-2024-38430 1 Matrix-globalservices 1 Tafnit 2024-09-06 N/A 6.1 MEDIUM
Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-41819 1 Enchantedcode 1 Note Mark 2024-09-06 N/A 5.4 MEDIUM
Note Mark is a web-based Markdown notes app. A stored cross-site scripting (XSS) vulnerability in Note Mark allows attackers to execute arbitrary web scripts via a crafted payload injected into the URL value of a link in the markdown content. This vulnerability is fixed in 0.13.1.
CVE-2024-37522 1 Dcurasi 1 Cc & Bcc For Woocommerce Order Emails 2024-09-06 N/A 4.8 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dario Curasì CC & BCC for Woocommerce Order Emails allows Stored XSS. This issue affects CC & BCC for Woocommerce Order Emails: from n/a through 1.4.1.
CVE-2024-37521 1 Zww 1 Zbench 2024-09-06 N/A 5.4 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in zwwooooo zBench allows Stored XSS. This issue affects zBench: from n/a through 1.4.2.
CVE-2024-37519 1 Leap13 1 Premium Blocks For Gutenburg 2024-09-06 N/A 5.4 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress allows Stored XSS. This issue affects Premium Blocks – Gutenberg Blocks for WordPress: from n/a through 2.1.27.
CVE-2024-37514 1 Artistscope 1 Copysafe Web Protection 2024-09-06 N/A 5.4 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArtistScope CopySafe Web Protection allows Stored XSS. This issue affects CopySafe Web Protection: from n/a through 3.14.
CVE-2024-37495 1 Mediavine 1 Create 2024-09-06 N/A 5.4 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mediavine Create by Mediavine allows Stored XSS. This issue affects Create by Mediavine: from n/a through 1.9.7.
CVE-2024-37489 1 Oceanwp 1 Ocean Extra 2024-09-06 N/A 5.4 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OceanWP Ocean Extra allows Stored XSS. This issue affects Ocean Extra: from n/a through 2.2.9.
CVE-2024-37488 1 Helloasso 1 Helloasso 2024-09-06 N/A 5.4 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HelloAsso allows Stored XSS. This issue affects HelloAsso: from n/a through 1.1.9.
CVE-2024-41947 1 Xwiki 1 Xwiki 2024-09-06 N/A 5.4 MEDIUM
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.8 and 16.3.0RC1.
CVE-2024-6498 1 Micro.company 1 Collect.chat 2024-09-06 N/A 4.8 MEDIUM
The Chatbot for WordPress by Collect.chat ⚡️ WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
CVE-2024-20488 1 Cisco 1 Unified Communications Manager 2024-09-06 N/A 6.1 MEDIUM
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
CVE-2024-6267 1 Oretnom23 1 Service Provider Management System 2024-09-06 3.3 LOW 4.8 MEDIUM
A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file system_info/index.php of the component System Info Page. The manipulation of the argument System Name/System Short Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269479.
CVE-2024-6273 1 Oretnom23 1 Clinic Queuing System 2024-09-06 5.0 MEDIUM 6.1 MEDIUM
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as problematic. Affected by this vulnerability is the function save_patient of the file patient_side.php. The manipulation of the argument Full Name/Contact/Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269485 was assigned to this vulnerability.
CVE-2024-6892 1 Journyx 1 Journyx 2024-09-06 N/A 6.1 MEDIUM
Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application.
CVE-2024-8119 1 Wpextended 1 Wp Extended 2024-09-06 N/A 6.1 MEDIUM
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2024-8117 1 Wpextended 1 Wp Extended 2024-09-06 N/A 6.1 MEDIUM
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘selected_option’ parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.