Total: 28702 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-43359 | 1 Zoneminder | 1 Zoneminder | 2024-09-04 | N/A | 6.1 MEDIUM |
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61. | |||||
CVE-2024-43358 | 1 Zoneminder | 1 Zoneminder | 2024-09-04 | N/A | 6.1 MEDIUM |
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. This vulnerability is fixed in 1.36.34 and 1.37.61. | |||||
CVE-2024-44930 | 1 Serilog-contrib | 1 Serilog-enrichers-clientinfo | 2024-09-04 | N/A | 6.5 MEDIUM |
Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests. | |||||
CVE-2024-44820 | 1 Zzcms | 1 Zzcms | 2024-09-04 | N/A | 6.1 MEDIUM |
A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the eginfo.php file located at /3/E_bak5.1/upload/. When accessed with the query parameter phome=ShowPHPInfo, the application executes the phpinfo() function, which exposes detailed information about the PHP environment, including server configuration, loaded modules, and environment variables. | |||||
CVE-2020-7776 | 1 Phpoffice | 1 Phpspreadsheet | 2024-09-04 | 3.5 LOW | 6.4 MEDIUM |
This affects the package phpoffice/phpspreadsheet from 0.0.0. The library is vulnerable to XSS when creating HTML output from an Excel file by adding a comment on any cell. The root cause of this issue is within the HTML writer, where user comments are concatenated as part of a link and this is returned as HTML. A fix for this issue is available on commit 0ed5b800be2136bcb8fa9c1bdf59abc957a98845/master branch. | |||||
CVE-2024-45046 | 1 Phpoffice | 1 Phpspreadsheet | 2024-09-04 | N/A | 5.4 MEDIUM |
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. In affected versions `\PhpOffice\PhpSpreadsheet\Writer\Html` doesn't sanitize spreadsheet styling information such as font names, allowing an attacker to inject arbitrary JavaScript on the page. As a result, an attacker may use a crafted spreadsheet to fully take over the session of a user viewing spreadsheet files as HTML. This issue has been addressed in release version 2.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2024-8328 | 1 Easy Test Online Learning And Testing Platform Project | 1 Easy Test Online Learning And Testing Platform | 2024-09-04 | N/A | 5.4 MEDIUM |
Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary JavaScript code and perform Reflected Cross-site scripting attacks. | |||||
CVE-2024-44684 | 1 Tpmecms | 1 Tpmecms | 2024-09-04 | N/A | 6.1 MEDIUM |
TpMeCMS 1.3.3.2 is vulnerable to Cross Site Scripting (XSS) in /h.php/page?ref=addtabs via the "Title," "Images," and "Content" fields. | |||||
CVE-2024-44683 | 1 Seacms | 1 Seacms | 2024-09-04 | N/A | 6.1 MEDIUM |
Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php. | |||||
CVE-2024-44682 | 1 Shopxo | 1 Shopxo | 2024-09-04 | N/A | 6.1 MEDIUM |
ShopXO 6.2 is vulnerable to Cross Site Scripting (XSS) in the backend that allows attackers to execute code by changing POST parameters. | |||||
CVE-2024-41349 | 1 Cdevroe | 1 Unmark | 2024-09-04 | N/A | 6.1 MEDIUM |
unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via application/views/marks/add_by_url.php. | |||||
CVE-2024-41371 | 1 Organizr | 1 Organizr | 2024-09-04 | N/A | 6.1 MEDIUM |
Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php. | |||||
CVE-2024-41358 | 1 Phpipam | 1 Phpipam | 2024-09-04 | N/A | 6.1 MEDIUM |
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php. | |||||
CVE-2024-41351 | 1 Baijunyao | 1 Bjyadmin | 2024-09-04 | N/A | 6.1 MEDIUM |
bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/getContent.php | |||||
CVE-2024-41350 | 1 Baijunyao | 1 Bjyadmin | 2024-09-04 | N/A | 6.1 MEDIUM |
bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/imageUp.php | |||||
CVE-2024-41348 | 1 Jpatokal | 1 Openflights | 2024-09-04 | N/A | 6.1 MEDIUM |
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php | |||||
CVE-2024-41347 | 1 Jpatokal | 1 Openflights | 2024-09-04 | N/A | 6.1 MEDIUM |
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php | |||||
CVE-2024-41346 | 1 Jpatokal | 1 Openflights | 2024-09-04 | N/A | 5.4 MEDIUM |
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php | |||||
CVE-2024-44920 | 1 Seacms | 1 Seacms | 2024-09-04 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter. | |||||
CVE-2024-8004 | 1 3ds | 1 3dexperience Enovia | 2024-09-04 | N/A | 5.4 MEDIUM |
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in a user's browser session. |