Total
30497 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-24556 | 1 Nearform | 1 Urql | 2024-08-01 | 7.2 High |
urql is a GraphQL client that exposes a set of helpers for several frameworks. The `@urql/next` package is vulnerable to XSS. To exploit this, an attacker would need to ensure that the response returns `html` tags and that the web application is using streamed responses (non-RSC). This vulnerability is due to improper escaping of HTML-like characters in the response stream. To fix this vulnerability, upgrade to version 1.1.1. | ||||
CVE-2024-24397 | 1 Stimulsoft | 1 Dashboards.js | 2024-08-01 | 5.4 Medium |
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field. | ||||
CVE-2024-24388 | 1 Xunruicms | 1 Xunruicms | 2024-08-01 | 6.1 Medium |
Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before allows remote attackers to obtain sensitive information via crafted malicious requests to the background login. | ||||
CVE-2024-24130 | 1 Mail2world | 1 Mail2world | 2024-08-01 | 6.1 Medium |
Mail2World v12 Business Control Center was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Usr parameter at resellercenter/login.asp. | ||||
CVE-2024-24160 | 1 Mrcms | 1 Mrcms | 2024-08-01 | 5.4 Medium |
MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do. | ||||
CVE-2024-24136 | 1 Remyandrade | 1 Math Game | 2024-08-01 | 6.1 Medium |
The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks. | ||||
CVE-2024-24134 | 1 Remyandrade | 1 Online Food Menu | 2024-08-01 | 4.8 Medium |
Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section. | ||||
CVE-2024-24060 | 1 Aitangbao | 1 Springboot-manager | 2024-08-01 | 5.4 Medium |
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user. | ||||
CVE-2024-24131 | 1 Superwebmailer | 1 Superwebmailer | 2024-08-01 | 6.1 Medium |
SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component api.php. | ||||
CVE-2024-24157 | | | 2024-08-01 | N/A |
Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea48618d957332d90f6d40e4 is vulnerable to Cross Site Scripting (XSS) via board.py. | ||||
CVE-2024-24061 | 1 Aitangbao | 1 Springboot-manager | 2024-08-01 | 5.4 Medium |
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add. | ||||
CVE-2024-24062 | 1 Aitangbao | 1 Springboot-manager | 2024-08-01 | 5.4 Medium |
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role. | ||||
CVE-2024-24041 | 1 Remyandrade | 1 Travel Journal Using Php And Mysql With Source Code | 2024-08-01 | 6.1 Medium |
A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-journal.php. | ||||
CVE-2024-24115 | 1 Cotonti | 1 Siena | 2024-08-01 | 5.4 Medium |
A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
CVE-2024-24059 | 1 Aitangbao | 1 Springboot-manager | 2024-08-01 | 5.4 Medium |
springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files. | ||||
CVE-2024-23941 | 1 Group-office | 1 Group Office | 2024-08-01 | 5.4 Medium |
Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. | ||||
CVE-2024-23882 | 1 Ajaysharma | 1 Cups Easy | 2024-08-01 | 8.2 High |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodecreate.php, in the taxcodeid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | ||||
CVE-2024-23875 | 1 Ajaysharma | 1 Cups Easy | 2024-08-01 | 8.2 High |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancedisplay.php, in the issuanceno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | ||||
CVE-2024-23864 | 1 Ajaysharma | 1 Cups Easy | 2024-08-01 | 8.2 High |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | ||||
CVE-2024-23821 | | | 2024-08-01 | 4.8 Medium |
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the GWC Demos Page. Access to the GWC Demos Page is available to all users although data security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue. |