Total
28737 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-29271 | | | 2024-08-28 | N/A | 6.1 MEDIUM |
Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php. | |||||
CVE-2022-4862 | 1 M-files | 1 M-files Server | 2024-08-28 | N/A | 7.6 HIGH |
Rendering of HTML provided by another authenticated user is possible in the browser on M-Files Web before 22.12.12140.3. This allows the content to steal sensitive user information. This issue affects M-Files New Web: before 22.12.12140.3. | |||||
CVE-2023-4479 | | | 2024-08-28 | N/A | 7.3 HIGH |
Stored XSS Vulnerability in M-Files Web versions before 23.8 allows an attacker to execute script on a user's browser via a stored HTML document within a limited time period. | |||||
CVE-2023-2325 | 1 M-files | 1 Classic Web | 2024-08-28 | N/A | 5.4 MEDIUM |
Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1 allows an attacker to execute script on a user's browser via a stored HTML document. | |||||
CVE-2024-29273 | | | 2024-08-27 | N/A | 6.1 MEDIUM |
There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document. | |||||
CVE-2024-27757 | | | 2024-08-27 | N/A | 6.1 MEDIUM |
flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024." | |||||
CVE-2024-26521 | | | 2024-08-27 | N/A | 4.8 MEDIUM |
HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component. | |||||
CVE-2024-42789 | | | 2024-08-27 | N/A | 6.3 MEDIUM |
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/controller.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter. | |||||
CVE-2024-29504 | | | 2024-08-27 | N/A | 7.6 HIGH |
Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted payload to the codeview parameter. | |||||
CVE-2024-29413 | | | 2024-08-27 | N/A | 5.4 MEDIUM |
Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a remote attacker to run arbitrary code via the Instant messenger field in the Contact info function. | |||||
CVE-2024-26471 | | | 2024-08-27 | N/A | 5.4 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability in zhimengzhe iBarn v1.5 allows attackers to inject malicious JavaScript into the web browser of a victim via the search parameter in offer.php. | |||||
CVE-2024-25868 | | | 2024-08-27 | N/A | 6.1 MEDIUM |
A Cross Site Scripting (XSS) vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via the membershipType parameter in the add_type.php component. | |||||
CVE-2024-27719 | | | 2024-08-27 | N/A | 6.1 MEDIUM |
A cross site scripting (XSS) vulnerability in rems FAQ Management System v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the Frequently Asked Question field in the Add FAQ function. | |||||
CVE-2024-27703 | | | 2024-08-27 | N/A | 5.4 MEDIUM |
Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter. | |||||
CVE-2024-25874 | | | 2024-08-27 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field. | |||||
CVE-2024-25854 | | | 2024-08-27 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Sourcecodester Insurance Management System 1.0 allows attackers to run arbitrary code via the Subject and Description fields when submitting a support ticket. | |||||
CVE-2023-24050 | 1 Connectize | 2 Ac21000 G6, Ac21000 G6 Firmware | 2024-08-27 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary code via crafted string when setting the Wi-Fi password in the admin panel. | |||||
CVE-2024-39248 | 1 Fikeulous | 1 Simpcms | 2024-08-27 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field at /admin.php. | |||||
CVE-2012-4344 | 1 Progress | 1 Whatsup Gold | 2024-08-27 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host. | |||||
CVE-2015-6005 | 1 Progress | 1 Whatsup Gold | 2024-08-27 | 3.5 LOW | 6.9 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field. |