Total
28737 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-35703 | 1 Sinaextra | 1 Sina Extension For Elementor | 2024-08-29 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through 3.5.3. | |||||
| CVE-2024-35704 | 1 Wpblockart | 1 Blockart Blocks | 2024-08-29 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPBlockArt BlockArt Blocks allows Stored XSS.This issue affects BlockArt Blocks: from n/a through 2.1.5. | |||||
| CVE-2024-35705 | 1 Getbutterfly | 1 Block For Font Awesome | 2024-08-29 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ciprian Popescu Block for Font Awesome allows Stored XSS.This issue affects Block for Font Awesome: from n/a through 1.4.4. | |||||
| CVE-2024-35706 | 1 Heateor | 1 Social Login | 2024-08-29 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Cross-Site Scripting (XSS).This issue affects Heateor Social Login: from n/a through 1.1.32. | |||||
| CVE-2024-40101 | 1 Microweber | 1 Microweber | 2024-08-29 | N/A | 6.1 MEDIUM |
| A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter. | |||||
| CVE-2024-43111 | 1 Mozilla | 1 Firefox | 2024-08-29 | N/A | 6.1 MEDIUM |
| Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129. | |||||
| CVE-2024-43112 | 1 Mozilla | 1 Firefox | 2024-08-29 | N/A | 6.1 MEDIUM |
| Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129. | |||||
| CVE-2024-43113 | 1 Mozilla | 1 Firefox | 2024-08-29 | N/A | 6.1 MEDIUM |
| The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129. | |||||
| CVE-2024-7852 | 1 Oretnom23 | 1 Yoga Class Registration System | 2024-08-29 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-42366 | 1 Vrcx-team | 1 Vrcx | 2024-08-29 | N/A | 9.0 CRITICAL |
| VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In addition to the patch, VRCX maintainers worked with the VRC team and blocked the older version of VRCX on the VRC's API side. Users who use the older version of VRCX must update their installation to continue using VRCX. | |||||
| CVE-2024-7394 | 1 Concretecms | 1 Concrete Cms | 2024-08-29 | N/A | 4.8 MEDIUM |
| Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName(). A rogue administrator could inject malicious code. The Concrete CMS team gave this a CVSS v3.1 rank of 2 with vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator and a CVSS v4.0 rank of 1.8 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N . Thanks, m3dium for reporting. | |||||
| CVE-2024-42900 | 2024-08-29 | N/A | 6.1 MEDIUM | ||
| Ruoyi v4.7.9 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the sql parameter of the createTable() function at /tool/gen/create. | |||||
| CVE-2024-34906 | 1 Dootask | 1 Dootask | 2024-08-28 | N/A | 5.4 MEDIUM |
| An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file. | |||||
| CVE-2024-29469 | 2024-08-28 | N/A | 6.1 MEDIUM | ||
| A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module. | |||||
| CVE-2024-28434 | 2024-08-28 | N/A | 7.6 HIGH | ||
| The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code. | |||||
| CVE-2024-26491 | 2024-08-28 | N/A | 6.1 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field. | |||||
| CVE-2024-6361 | 1 Opentext | 1 Alm Octane | 2024-08-28 | N/A | 5.4 MEDIUM |
| Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. The vulnerability affects all version prior to version 23.4. The vulnerability could cause remote code execution attack. | |||||
| CVE-2024-43915 | 1 Zephyr-one | 1 Zephyr Project Manager | 2024-08-28 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dylan James Zephyr Project Manager allows Reflected XSS.This issue affects Zephyr Project Manager: from n/a through .3.102. | |||||
| CVE-2024-41658 | 1 Casbin | 1 Casdoor | 2024-08-28 | N/A | 6.1 MEDIUM |
| Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, he purchase URL that is created to generate a WechatPay QR code is vulnerable to reflected XSS. When purchasing an item through casdoor, the product page allows you to pay via wechat pay. When using wechat pay, a QR code with the wechat pay link is displayed on the payment page, hosted on the domain of casdoor. This page takes a query parameter from the url successUrl, and redirects the user to that url after a successful purchase. Because the user has no reason to think that the payment page contains sensitive information, they may share it with other or can be social engineered into sending it to others. An attacker can then craft the casdoor link with a special url and send it back to the user, and once payment has gone though an XSS attack occurs. | |||||
| CVE-2024-6879 | 2024-08-28 | N/A | 4.7 MEDIUM | ||
| The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allows contributor and above roles to perform Stored Cross-Site Scripting (XSS) attacks. | |||||