Total
30498 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24886 | 1 Acowebs | 1 Product Labels For Woocommerce \(sale Badges\) | 2024-08-01 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Acowebs Product Labels For Woocommerce (Sale Badges) allows Stored XSS.This issue affects Product Labels For Woocommerce (Sale Badges): from n/a through 1.5.3. | ||||
| CVE-2024-24807 | 1 Sulu | 1 Sulu | 2024-08-01 | 2.7 Low |
| Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. There is an issue when inputting HTML into the Tag name. The HTML is executed when the tag name is listed in the auto complete form. Only admin users can create tags so they are the only ones affected. The problem is patched with version(s) 2.4.16 and 2.5.12. | ||||
| CVE-2024-24831 | 1 Leap13 | 1 Premium Addons For Elementor | 2024-08-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16. | ||||
| CVE-2024-24871 | 1 Creativethemes | 1 Blocksy | 2024-08-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Themes Blocksy allows Stored XSS.This issue affects Blocksy: from n/a through 2.0.19. | ||||
| CVE-2024-24865 | 1 Noahkagan | 1 Scroll Triggered Box | 2024-08-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noah Kagan Scroll Triggered Box allows Stored XSS.This issue affects Scroll Triggered Box: from n/a through 2.3. | ||||
| CVE-2024-24847 | 1 Jgadbois | 1 Calculatorpro Calculators | 2024-08-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgadbois CalculatorPro Calculators allows Reflected XSS.This issue affects CalculatorPro Calculators: from n/a through 1.1.7. | ||||
| CVE-2024-24838 | 1 Fivestarplugins | 1 Five Star Restaurant Menu | 2024-08-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Reviews allows Stored XSS.This issue affects Five Star Restaurant Reviews: from n/a through 2.3.5. | ||||
| CVE-2024-24848 | 1 Mjssoftware | 1 Sign Ups | 2024-08-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MJS Software PT Sign Ups – Beautiful volunteer sign ups and management made easy allows Stored XSS.This issue affects PT Sign Ups – Beautiful volunteer sign ups and management made easy: from n/a through 1.0.4. | ||||
| CVE-2024-24846 | 1 Mightythemes | 1 Mighty Addons | 2024-08-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MightyThemes Mighty Addons for Elementor allows Reflected XSS.This issue affects Mighty Addons for Elementor: from n/a through 1.9.3. | ||||
| CVE-2024-24712 | 1 Heateor | 1 Social Login | 2024-08-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login WordPress allows Stored XSS.This issue affects Heateor Social Login WordPress: from n/a through 1.1.30. | ||||
| CVE-2024-24812 | 1 Frappe | 1 Frappe | 2024-08-01 | 5.4 Medium |
| Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting (XSS) which can be used to inject malicious JS code if user clicks on a malicious link. This vulnerability has been patched in versions 14.59.0 and 15.5.0. No known workarounds are available. | ||||
| CVE-2024-24801 | 1 Logichunt | 1 Owl Carousel | 2024-08-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt OWL Carousel – WordPress Owl Carousel Slider allows Stored XSS.This issue affects OWL Carousel – WordPress Owl Carousel Slider: from n/a through 1.4.0. | ||||
| CVE-2024-24815 | 1 Ckeditor | 1 Ckeditor | 2024-08-01 | 6.1 Medium |
| CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA elements in Advanced Content Filtering configuration (defaults to `script` and `style` elements). The vulnerability allows attackers to inject malformed HTML content bypassing Advanced Content Filtering mechanism, which could result in executing JavaScript code. An attacker could abuse faulty CDATA content detection and use it to prepare an intentional attack on the editor. A fix is available in version 4.24.0-lts. | ||||
| CVE-2024-24804 | 1 Web-soudan | 1 Mw Wp Form | 2024-08-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in websoudan MW WP Form allows Stored XSS.This issue affects MW WP Form: from n/a through 5.0.6. | ||||
| CVE-2024-24717 | 1 Beds24 | 1 Online Booking | 2024-08-01 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: from n/a through 2.0.23. | ||||
| CVE-2024-24816 | 1 Ckeditor | 1 Ckeditor | 2024-08-01 | 6.1 Medium |
| CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts. | ||||
| CVE-2024-24803 | 1 Wpoperation | 1 Ultra Companion | 2024-08-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPoperation Ultra Companion – Companion plugin for WPoperation Themes allows Stored XSS.This issue affects Ultra Companion – Companion plugin for WPoperation Themes: from n/a through 1.1.9. | ||||
| CVE-2024-24713 | 1 Wpautolistings | 1 Auto Listings | 2024-08-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Auto Listings Auto Listings – Car Listings & Car Dealership Plugin for WordPress allows Stored XSS.This issue affects Auto Listings – Car Listings & Car Dealership Plugin for WordPress: from n/a through 2.6.5. | ||||
| CVE-2024-24594 | 1 Clear | 1 Clearml | 2024-08-01 | 9.9 Critical |
| A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI. | ||||
| CVE-2024-24570 | 1 Statamic | 1 Statamic | 2024-08-01 | 8.2 High |
| Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel. Additionally, if the XSS is crafted in a specific way, the "copy password reset link" feature may be exploited to gain access to a user's password reset token and gain access to their account. The authorized user is required to execute the XSS in order for the vulnerability to occur. In versions 4.46.0 and 3.4.17, the XSS vulnerability has been patched, and the copy password reset link functionality has been disabled. | ||||