Total
30727 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-37215 | 1 Creativeinteractivemedia | 1 Transition Slider | 2024-08-02 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in creativeinteractivemedia Transition Slider – Responsive Image Slider and Gallery allows Stored XSS.This issue affects Transition Slider – Responsive Image Slider and Gallery: from n/a through 2.20.3. | ||||
| CVE-2024-37120 | 1 Oxilab | 1 Responsive Tabs | 2024-08-02 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Tabs allows Stored XSS.This issue affects Tabs: from n/a through 4.0.6. | ||||
| CVE-2024-37199 | 1 Kriesi | 1 Enfold | 2024-08-02 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kriesi.At Enfold allows Reflected XSS.This issue affects Enfold: from n/a through 5.6.9. | ||||
| CVE-2024-37258 | 1 Wpsocialrocket | 1 Social Rocket | 2024-08-02 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Social Rocket allows Reflected XSS.This issue affects Social Rocket: from n/a through 1.3.3. | ||||
| CVE-2024-37219 | 1 Pagebuildersandwich | 1 Page Builder Sandwich | 2024-08-02 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PBN Hosting SL Page Builder Sandwich – Front-End Page Builder allows Stored XSS.This issue affects Page Builder Sandwich – Front-End Page Builder: from n/a through 5.1.0. | ||||
| CVE-2024-37178 | 2024-08-02 | 5 Medium | ||
| SAP Financial Consolidation does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. These endpoints are exposed over the network. The vulnerability can exploit resources beyond the vulnerable component. On successful exploitation, an attacker can cause limited impact to confidentiality of the application. | ||||
| CVE-2024-37262 | 1 Vcita | 1 Online Booking \& Scheduling Calendar For Wordpress By Vcita | 2024-08-02 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita allows Reflected XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.4.2. | ||||
| CVE-2024-37177 | 2024-08-02 | 8.1 High | ||
| SAP Financial Consolidation allows data to enter a Web application through an untrusted source. These endpoints are exposed over the network and it allows the user to modify the content from the web site. On successful exploitation, an attacker can cause significant impact to confidentiality and integrity of the application. | ||||
| CVE-2024-37239 | 1 Wpmudev | 1 Branda | 2024-08-02 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Branda allows Stored XSS.This issue affects Branda: from n/a through 3.4.17. | ||||
| CVE-2024-37216 | 1 Generatewp | 1 Sketchfab Embed | 2024-08-02 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rami Yushuvaev Sketchfab Embed allows Stored XSS.This issue affects Sketchfab Embed: from n/a through 1.5. | ||||
| CVE-2024-37244 | 1 Ninjabeaveraddon | 1 Ninja Beaver Add-ons For Beaver Builder | 2024-08-02 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ninja Team Ninja Beaver Add-ons for Beaver Builder allows Stored XSS.This issue affects Ninja Beaver Add-ons for Beaver Builder: from n/a through 2.4.5. | ||||
| CVE-2024-37206 | 1 Theme4press | 1 Demo Awesome | 2024-08-02 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme4Press Demo Awesome allows Reflected XSS.This issue affects Demo Awesome: from n/a through 1.0.1. | ||||
| CVE-2024-37211 | 1 Ali2woo | 1 Aliexpress Dropshipping With Alinext | 2024-08-02 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5. | ||||
| CVE-2024-37161 | 2024-08-02 | 4 Medium | ||
| MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor stores cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this issue. | ||||
| CVE-2024-37166 | 2024-08-02 | 8.9 High | ||
| ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated documentation to clarify that while ghtml escapes characters with special meaning in HTML, it does not provide comprehensive protection against all types of XSS attacks in every scenario. This aligns with the approach taken by other template engines. Developers should be cautious and take additional measures to sanitize user input and prevent potential vulnerabilities. Additionally, the backtick character (`) is now also escaped to prevent the creation of strings in most cases where a malicious actor somehow gains the ability to write JavaScript. This does not provide comprehensive protection either. | ||||
| CVE-2024-37097 | 1 Unitedthemes | 1 Shortcodes | 2024-08-02 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UnitedThemes Shortcodes by United Themes allows Reflected XSS.This issue affects Shortcodes by United Themes: from n/a before 5.0.5. | ||||
| CVE-2024-37117 | 1 Uncannyowl | 1 Uncanny Automator | 2024-08-02 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Automator Pro allows Reflected XSS.This issue affects Uncanny Automator Pro: from n/a through 5.3. | ||||
| CVE-2024-37121 | 1 Oxilab | 1 Shortcode Addons | 2024-08-02 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in biplob018 Shortcode Addons allows Stored XSS.This issue affects Shortcode Addons: from n/a through 3.2.5. | ||||
| CVE-2024-37101 | 1 Afthemes | 1 Wp Post Author | 2024-08-02 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AF themes WP Post Author allows Stored XSS.This issue affects WP Post Author: from n/a through 3.6.7. | ||||
| CVE-2024-37116 | 1 Sinatrateam | 1 Sinatra | 2024-08-02 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sinatrateam Sinatra allows Stored XSS.This issue affects Sinatra: from n/a through 1.3. | ||||