Total: 29096 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-18668 | 1 Sir | 1 Gnuboard | 2024-09-19 | N/A |
GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_form_update.php cf_title parameter. | ||||
CVE-2018-18674 | 1 Sir | 1 Gnuboard | 2024-09-19 | 6.1 Medium |
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/board_form_update.php bo_content_tail parameter. | ||||
CVE-2020-18661 | 1 Sir | 1 Gnuboard | 2024-09-19 | 6.1 Medium |
Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the url parameter to bbs/login.php. | ||||
CVE-2024-8783 | 1 Opentibiabr | 1 Myaac | 2024-09-19 | 3.5 Low |
A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16. Affected is an unknown function of the file system/pages/forum/new_post.php of the component Post Reply Handler. The manipulation of the argument post_topic leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c. It is recommended to apply a patch to fix this issue. | ||||
CVE-2021-38131 | 1 Microfocus | 1 Edirectory | 2024-09-18 | 5.4 Medium |
Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.5.0000. | ||||
CVE-2024-8750 | 1 I-doit | 1 I-doit | 2024-09-18 | 5.4 Medium |
Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the following parameters (id,lang,mNavID,name,pID,treeNode,type,view). | ||||
CVE-2024-34335 | 1 Ordat | 2 Foss-online, Ordat.erp | 2024-09-18 | 6.1 Medium |
ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page. | ||||
CVE-2023-36637 | 1 Fortinet | 1 Fortimail | 2024-09-18 | 3.4 Low |
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields. | ||||
CVE-2024-45303 | 1 Discourse | 1 Calendar | 2024-09-18 | 6.1 Medium |
Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event names can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. The issue is patched in version 0.5 of the Discourse Calendar plugin. | ||||
CVE-2023-46344 | 1 Solar-log | 2 2000 Pm\+, 2000 Pm\+ Firmware | 2024-09-18 | 5.4 Medium |
A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&b=c_smartenergy_swgroups in the web portal. The vulnerability can be exploited to gain the rights of an installer or PM, which can then be used to gain administrative access to the web portal and execute further attacks. NOTE: The vendor states that this vulnerability has been fixed in version 6.2.0-170. | ||||
CVE-2024-8708 | 1 Mayurik | 1 Best House Rental Management System | 2024-09-18 | 3.5 Low |
A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file categories.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. | ||||
CVE-2023-42474 | 1 Sap | 1 Businessobjects Web Intelligence | 2024-09-18 | 6.8 Medium |
SAP BusinessObjects Web Intelligence - version 420, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information. | ||||
CVE-2023-50231 | 1 Netgear | 1 Prosafe Network Management System | 2024-09-18 | N/A |
NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the saveNodeLabel method. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-21838. | ||||
CVE-2024-8144 | 1 Classcms | 1 Classcms | 2024-09-18 | 3.5 Low |
A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Logo Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2023-36555 | 1 Fortinet | 1 Fortios | 2024-09-18 | 3.9 Low |
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components. | ||||
CVE-2024-43327 | 1 Teleogistic | 1 Invite Anyone | 2024-09-18 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boone Gorges Invite Anyone allows Reflected XSS. This issue affects Invite Anyone: from n/a through 1.4.7. | ||||
CVE-2024-43967 | 1 Starkdigital | 1 Wp Testimonial Widget | 2024-09-18 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Stark Digital WP Testimonial Widget allows Stored XSS. This issue affects WP Testimonial Widget: from n/a through 3.1. | ||||
CVE-2023-38215 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-09-18 | 5.4 Medium |
Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
CVE-2023-38214 | 1 Adobe | 1 Experience Manager | 2024-09-18 | 5.4 Medium |
Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
CVE-2023-29322 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-09-18 | 5.4 Medium |
Adobe Experience Manager versions 6.5.16.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |