Total: 30726 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-37122 | 1 Oxilab | 1 Accordions | 2024-08-02 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Accordions allows Stored XSS. This issue affects Accordions: from n/a through 2.3.5. | ||||
CVE-2024-37063 | | | 2024-08-02 | 7.8 High |
A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliciously crafted report is viewed in the browser. | ||||
CVE-2024-36577 | 1 Apphp | 1 Apphp Js-object-resolver | 2024-08-02 | 8.3 High |
apphp js-object-resolver < 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty. | ||||
CVE-2024-36647 | 1 Churchcrm | 1 Churchcrm | 2024-08-02 | 5.4 Medium |
A stored cross-site scripting (XSS) vulnerability in Church CRM v5.8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Family Name parameter under the Register a New Family page. | ||||
CVE-2024-36676 | | | 2024-08-02 | 7.5 High |
Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms. | ||||
CVE-2024-36656 | 1 Minthcm | 1 Minthcm | 2024-08-02 | 6.1 Medium |
In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript code and achieve a reflected Cross-site Scripting (XSS) attack. | ||||
CVE-2024-36674 | 1 Lylme | 1 Lylme Spage | 2024-08-02 | 6.1 Medium |
LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via admin/link.php. | ||||
CVE-2024-36392 | | | 2024-08-02 | 6.1 Medium |
MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
CVE-2024-36599 | 1 Aegon | 1 Life Insurance Management System | 2024-08-02 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php. | ||||
CVE-2024-36413 | 1 Salesagility | 1 Suitecrm | 2024-08-02 | 8.9 High |
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | ||||
CVE-2024-36422 | 1 Flowiseai | 1 Flowise | 2024-08-02 | 6.1 Medium |
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `api/v1/chatflows/id` endpoint. If the default configuration is used (unauthenticated), an attacker may be able to craft a URL that injects JavaScript into the user sessions, allowing the attacker to steal information, create false popups, or even redirect the user to other websites without interaction. If the chatflow ID is not found, its value is reflected in the 404 page, which has type text/html. This allows an attacker to attach arbitrary scripts to the page, allowing an attacker to steal sensitive information. This XSS may be chained with the path injection to allow an attacker without direct access to Flowise to read arbitrary files from the Flowise server. As of time of publication, no known patches are available. | ||||
CVE-2024-36370 | | | 2024-08-02 | 4.6 Medium |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible | ||||
CVE-2024-36368 | | | 2024-08-02 | 4.6 Medium |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible | ||||
CVE-2024-36450 | 1 Webmin | 1 Webmin | 2024-08-02 | 5.4 Medium |
Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may be altered, or a server may be halted. | ||||
CVE-2024-36417 | 1 Salesagility | 1 Suitecrm | 2024-08-02 | 5.7 Medium |
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added to some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | ||||
CVE-2024-36374 | | | 2024-08-02 | 4.6 Medium |
In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible | ||||
CVE-2024-36363 | | | 2024-08-02 | 4.6 Medium |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible | ||||
CVE-2024-36366 | | | 2024-08-02 | 5.4 Medium |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations | ||||
CVE-2024-36369 | | | 2024-08-02 | 4.6 Medium |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible | ||||
CVE-2024-36372 | | | 2024-08-02 | 4.6 Medium |
In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible |