Total
28732 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-6783 | | | 2024-08-30 | N/A | 4.8 MEDIUM |
A vulnerability has been discovered in Vue that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as `Object.prototype.staticClass` or `Object.prototype.staticStyle` to execute arbitrary JavaScript code. | |||||
CVE-2024-6212 | 1 Oretnom23 | 1 Simple Student Attendance System | 2024-08-30 | 4.0 MEDIUM | 6.1 MEDIUM |
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. Affected by this issue is the function get_student of the file student_form.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269276. | |||||
CVE-2024-27095 | 1 Decidim | 1 Decidim | 2024-08-30 | N/A | 4.8 MEDIUM |
Decidim is a participatory democracy framework. The admin panel is subject to a potential XSS attack in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1. | |||||
CVE-2024-6650 | 1 Oretnom23 | 1 Employee And Visitor Gate Pass Logging System | 2024-08-30 | 3.3 LOW | 4.8 MEDIUM |
A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this issue is the function save_designation of the file /classes/Master.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271058 is the identifier assigned to this vulnerability. | |||||
CVE-2024-35695 | 1 Fahadmahmood | 1 Wp Docs | 2024-08-29 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Stored XSS. This issue affects WP Docs: from n/a through 2.1.3. | |||||
CVE-2024-35694 | 1 Wpmobile.app Project | 1 Wpmobile.app | 2024-08-29 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMobile.App allows Reflected XSS. This issue affects WPMobile.App: from n/a through 11.41. | |||||
CVE-2024-35693 | 1 Code4recovery | 1 12 Step Meeting List | 2024-08-29 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Code for Recovery 12 Step Meeting List allows Reflected XSS. This issue affects 12 Step Meeting List: from n/a through 3.14.33. | |||||
CVE-2024-35679 | 1 Givewp | 1 Givewp | 2024-08-29 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GiveWP allows Reflected XSS. This issue affects GiveWP: from n/a through 3.12.0. | |||||
CVE-2024-35719 | 1 Magnigenie | 1 Restropress | 2024-08-29 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagniGenie RestroPress allows Stored XSS. This issue affects RestroPress: from n/a through 3.1.2.1. | |||||
CVE-2024-35718 | 1 Tribulant | 1 Newsletters | 2024-08-29 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through 4.9.5. | |||||
CVE-2024-35714 | 1 Themefreesia | 1 Idyllic | 2024-08-29 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Idyllic allows Stored XSS. This issue affects Idyllic: from n/a through 1.1.8. | |||||
CVE-2024-35713 | 1 Uapp | 1 Testimonial Carousel For Elementor | 2024-08-29 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS. This issue affects Testimonial Carousel For Elementor: from n/a through 10.1.1. | |||||
CVE-2024-35711 | 1 Themefreesia | 1 Event | 2024-08-29 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Event allows Stored XSS. This issue affects Event: from n/a through 1.2.2. | |||||
CVE-2024-35591 | | | 2024-08-29 | N/A | 5.4 MEDIUM |
An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file. | |||||
CVE-2024-34913 | 1 Technocking | 1 R-pan-scaffolding | 2024-08-29 | N/A | 5.4 MEDIUM |
An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file. | |||||
CVE-2024-27734 | | | 2024-08-29 | N/A | 6.1 MEDIUM |
A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name fields of the Site Settings component. | |||||
CVE-2024-27517 | | | 2024-08-29 | N/A | 5.4 MEDIUM |
Webasyst 2.9.9 has a Cross-Site Scripting (XSS) vulnerability. Attackers can create blogs containing malicious code after gaining blog permissions. | |||||
CVE-2024-25166 | | | 2024-08-29 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file. | |||||
CVE-2023-6290 | 1 Seopress | 1 Seopress | 2024-08-29 | N/A | 4.8 MEDIUM |
The SEOPress WordPress plugin before 7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
CVE-2023-49034 | | | 2024-08-29 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to the checkvalidHtmlText function in the ack.php and security.php files. |