Total: 43562 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8608 | 1 Oceanicsoft | 1 Valeapp | 2024-10-04 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Oceanic Software ValeApp allows Stored XSS. This issue affects ValeApp: before v2.0.0. | ||||
| CVE-2024-8457 | 1 Planet | 4 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 1 more | 2024-10-04 | 4.8 Medium |
| Certain switch models from PLANET Technology have a web application that does not properly validate specific parameters, allowing remote authenticated users with administrator privileges to inject arbitrary JavaScript, leading to a Stored XSS attack. | ||||
| CVE-2024-46475 | 1 Metronic | 1 Metronic | 2024-10-04 | 4.8 Medium |
| A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | ||||
| CVE-2024-9279 | 1 Funnyzpc | 1 Mee-admin | 2024-10-04 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in funnyzpc Mee-Admin up to 1.6. This affects an unknown part of the file /mee/index of the component User Center. The manipulation of the argument User Nickname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-43986 | 1 Mage-people | 1 Ecab Taxi Booking Manager | 2024-10-04 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Stored XSS. This issue affects Taxi Booking Manager for WooCommerce: through 1.0.9. | ||||
| CVE-2024-8536 | 2 Dotcamp, Ultimateblocks | 2 Ultimate Blocks, Ultimateblocks | 2024-10-03 | 5.4 Medium |
| The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-20475 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2024-10-03 | 6.4 Medium |
| A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface. | ||||
| CVE-2024-7878 | 2 Technowich, Wpulike | 2 Wp Ulike, Wp Ulike | 2024-10-02 | 4.8 Medium |
| The WP ULike WordPress plugin before 4.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2023-51157 | 1 Zkteco | 2 Wdms, Wdms Pro | 2024-10-02 | 5.4 Medium |
| Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter. | ||||
| CVE-2024-46655 | 1 Ellevo | 1 Ellevo | 2024-10-02 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL. | ||||
| CVE-2024-9198 | 1 Clibomanager | 1 Clibo Manager | 2024-10-02 | 7.6 High |
| Vulnerability in Clibo Manager v1.1.9.1 that could allow an attacker to execute a stored Cross-Site Scripting (stored XSS) attack by uploading a malicious .svg image in the section: Profile > Profile picture. | ||||
| CVE-2024-3635 | 2 Post Grid Team By Radiustheme, Radiustheme | 2 The Post Grid, The Post Grid | 2024-10-02 | 4.8 Medium |
| The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-38380 | 1 Millbeckcommunications | 2 Proroute H685t-w, Proroute H685t-w Firmware | 2024-10-02 | 5.5 Medium |
| This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session. | ||||
| CVE-2024-45613 | 1 Ckeditor | 1 Ckeditor5 | 2024-10-01 | 6.1 Medium |
| CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert malicious content into the editor, which might happen with a very specific editor configuration. This vulnerability only affects installations where the Block Toolbar plugin is enabled and either the General HTML Support (with a configuration that permits unsafe markup) or the HTML Embed plugin is also enabled. A fix for the problem is available in version 43.1.1. As a workaround, one may disable the block toolbar plugin. | ||||
| CVE-2024-9299 | 1 Oretnom23 | 1 Railway Reservation System | 2024-10-01 | 3.5 Low |
| A vulnerability classified as problematic has been found in SourceCodester Online Railway Reservation System 1.0. This affects an unknown part of the file /?page=reserve. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9300 | 2 Oretnom23, Sourcecodester | 2 Railway Reservation System, Online Railway Reservation System | 2024-10-01 | 4.3 Medium |
| A vulnerability classified as problematic was found in SourceCodester Online Railway Reservation System 1.0. This vulnerability affects unknown code of the file contact_us.php of the component Message Us Form. The manipulation of the argument fullname/email/message leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9320 | 2 Rems, Sourcecodester | 2 Online Timesheet App, Online Timesheet | 2024-10-01 | 3.5 Low |
| A vulnerability has been found in SourceCodester Online Timesheet App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /endpoint/add-timesheet.php of the component Add Timesheet Form. The manipulation of the argument day/task leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9323 | 2 Mayurik, Sourcecodester | 2 Free And Open Source Inventory Management System, Inventory Management System | 2024-10-01 | 3.5 Low |
| A vulnerability was found in SourceCodester Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/action/add_staff.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-41725 | 1 Doverfuelingsolutions | 6 Maglink Lx4 Console, Maglink Lx Console, Progauge Maglink Lx4 Console and 3 more | 2024-09-30 | 8.8 High |
| ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting. | ||||
| CVE-2024-8942 | 1 Scriptcase | 1 Scriptcase | 2024-09-30 | 6.3 Medium |
| Vulnerability in Scriptcase version 9.4.019 that consists of a Cross-Site Scripting (XSS), due to the lack of input validation, affecting the “id_form_msg_title” parameter, among others. This vulnerability could allow a remote user to send a specially crafted URL to a victim and retrieve their credentials. | ||||