Total
28727 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-42901 | 2024-09-03 | N/A | 4.8 MEDIUM | ||
| A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file. | |||||
| CVE-2023-46483 | 1 Timeteccloud | 1 Auto Web-based Database Management System | 2024-09-03 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an attacker to obtain sensitive information via a crafted payload to the remark parameter of the New Zone function. | |||||
| CVE-2024-5763 | 1 Posimyth | 1 The Plus Addons For Elementor | 2024-09-03 | N/A | 5.4 MEDIUM |
| The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_date attribute within the plugin's Video widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-6575 | 1 Posimyth | 1 The Plus Addons For Elementor | 2024-09-03 | N/A | 5.4 MEDIUM |
| The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘res_width_value’ parameter within the plugin's tp_page_scroll widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-6864 | 1 Sayandatta | 1 Wp Last Modified Info | 2024-09-03 | N/A | 5.4 MEDIUM |
| The WP Last Modified Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘template’ attribute of the lmt-post-modified-info shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-41697 | 1 Priority-software | 1 Priority | 2024-09-03 | N/A | 6.1 MEDIUM |
| Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | |||||
| CVE-2024-41241 | 1 Lopalopa | 1 Responsive School Management System | 2024-09-03 | N/A | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/admin_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter. | |||||
| CVE-2024-40473 | 1 Mayurik | 1 Best House Rental Management System | 2024-09-03 | N/A | 5.4 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability was found in "manage_houses.php" in SourceCodester Best House Rental Management System v1.0. It allows remote attackers to execute arbitrary code via "House_no" and "Description" parameter fields. | |||||
| CVE-2024-34224 | 2024-09-03 | N/A | 7.3 HIGH | ||
| Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters. | |||||
| CVE-2024-3886 | 1 Tagdiv | 1 Tagdiv Composer | 2024-09-03 | N/A | 6.1 MEDIUM |
| The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_check_envato_code function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-44778 | 1 Vtiger | 1 Vtiger Crm | 2024-09-03 | N/A | 9.6 CRITICAL |
| A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | |||||
| CVE-2024-44779 | 1 Vtiger | 1 Vtiger Crm | 2024-09-03 | N/A | 9.6 CRITICAL |
| A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | |||||
| CVE-2024-44777 | 1 Vtiger | 1 Vtiger Crm | 2024-09-03 | N/A | 9.6 CRITICAL |
| A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | |||||
| CVE-2024-44717 | 1 Dedebiz | 1 Dedebiz | 2024-09-03 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2024-44716 | 1 Dedebiz | 1 Dedebiz | 2024-09-03 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2024-43964 | 1 Dsgvo-for-wp | 1 Dsgvo All In One For Wp | 2024-09-03 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Leithold DSGVO All in one for WP allows Stored XSS.This issue affects DSGVO All in one for WP: from n/a through 4.5. | |||||
| CVE-2024-43396 | 1 Khoj | 1 Khoj | 2024-09-03 | N/A | 5.4 MEDIUM |
| Khoj is an application that creates personal AI agents. The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. The q parameter for the /api/automation endpoint does not get correctly sanitized when rendered on the page, resulting in the ability of users to inject arbitrary HTML/JS. This vulnerability is fixed in 1.15.0. | |||||
| CVE-2024-6585 | 2024-09-03 | N/A | 5.4 MEDIUM | ||
| Multiple stored cross-site scripting (“XSS”) vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to inject malicious scripts into vulnerable web pages. A threat actor could potentially exploit this vulnerability to store malicious JavaScript which executes in the context of a user’s session with the application. | |||||
| CVE-2024-45528 | 2024-09-03 | N/A | 5.4 MEDIUM | ||
| CodeAstro MembershipM-PHP (aka Membership Management System in PHP) 1.0 allows add_members.php fullname stored XSS. | |||||
| CVE-2024-43949 | 1 Automattic | 2 Ghacitivity, Ghactivity | 2024-09-03 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic GHActivity allows Stored XSS.This issue affects GHActivity: from n/a through 2.0.0-alpha. | |||||