Total
28699 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24198 | 1 Stock Management System Project | 1 Stock Management System | 2024-09-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.' | |||||
| CVE-2024-44728 | 1 Angeljudesuarez | 1 Event Management System | 2024-09-06 | N/A | 6.1 MEDIUM |
| Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full Name, Address, Email, and contact# in /clientdetails/admin/regester.php. | |||||
| CVE-2024-8473 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through user_email parameter in /jobportal/admin/login.php. | |||||
| CVE-2024-8472 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through multiple parameters in /jobportal/index.php. | |||||
| CVE-2024-8471 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through JOBID and USERNAME parameters in /jobportal/process.php. | |||||
| CVE-2023-46925 | 1 Reportico | 1 Reportico | 2024-09-05 | N/A | 4.8 MEDIUM |
| Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2023-44954 | 1 Bigtreecms | 1 Bigtree Cms | 2024-09-05 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions. | |||||
| CVE-2024-37558 | 1 Nihal | 1 Wpfavicon | 2024-09-05 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nazmul Hossain Nihal WPFavicon allows Stored XSS.This issue affects WPFavicon: from n/a through 2.1.1. | |||||
| CVE-2024-37557 | 1 Sohamsolution | 1 Wp Cookie Law Info | 2024-09-05 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Soham Web Solution WP Cookie Law Info allows Stored XSS.This issue affects WP Cookie Law Info: from n/a through 1.1. | |||||
| CVE-2024-37556 | 1 Seedprod | 1 Wordpress Notification Bar | 2024-09-05 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SeedProd WordPress Notification Bar allows Stored XSS.This issue affects WordPress Notification Bar: from n/a through 1.3.10. | |||||
| CVE-2024-37552 | 1 Inisev | 1 Social Media Share Buttons \& Social Sharing Icons | 2024-09-05 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Inisev Social Media & Share Icons allows Stored XSS.This issue affects Social Media & Share Icons: from n/a through 2.9.1. | |||||
| CVE-2024-37551 | 1 Perials | 1 Simple Social Share | 2024-09-05 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Perials Simple Social Share allows Stored XSS.This issue affects Simple Social Share: from n/a through 3.0. | |||||
| CVE-2024-37549 | 1 Pdfcrowd | 1 Save As Pdf | 2024-09-05 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS.This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 4.0.0. | |||||
| CVE-2024-42790 | 1 Lopalopa | 1 Music Management System | 2024-09-05 | N/A | 5.4 MEDIUM |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/index.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter. | |||||
| CVE-2024-45265 | 1 Skyss | 1 Arfa-cms | 2024-09-05 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter. | |||||
| CVE-2024-42906 | 1 Testlink | 1 Testlink | 2024-09-05 | N/A | 6.1 MEDIUM |
| TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name. | |||||
| CVE-2024-44793 | 1 Gazelle Project | 1 Gazelle | 2024-09-05 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /managers/multiple_freeleech.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the torrents parameter. | |||||
| CVE-2024-44794 | 1 Xiebruce | 1 Picuploader | 2024-09-05 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /master/auth/OnedriveRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error_description parameter. | |||||
| CVE-2024-44795 | 1 Gazelle Project | 1 Gazelle | 2024-09-05 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /login/disabled.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter. | |||||
| CVE-2024-8413 | 1 Raspcontrol Project | 1 Raspcontrol | 2024-09-05 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability through the action parameter in index.php. Affected product codebase https://github.com/Bioshox/Raspcontrol and forks such as https://github.com/harmon25/raspcontrol . An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially hijacking their session details. References list | |||||