Total: 30497 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-23032 | 1 Eyoucms | 1 Eyoucms | 2024-08-01 | 6.1 Medium |
Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | ||||
CVE-2024-23031 | 1 Eyoucms | 1 Eyoucms | 2024-08-01 | 6.1 Medium |
Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | ||||
CVE-2024-23034 | 1 Eyoucms | 1 Eyoucms | 2024-08-01 | 6.1 Medium |
Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | ||||
CVE-2024-22877 | 1 Strangebee | 1 Thehive | 2024-08-01 | 5.4 Medium |
StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the template or its variables, which will be executed in the context of the TheHive application when the HTML report is opened. | ||||
CVE-2024-22639 | 1 Igalerie | 1 Igalerie | 2024-08-01 | 6.1 Medium |
iGalerie v3.0.22 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Titre (Title) field in the editing interface. | ||||
CVE-2024-22927 | 1 Eyoucms | 1 Eyoucms | 2024-08-01 | 6.1 Medium |
Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | ||||
CVE-2024-23033 | 1 Eyoucms | 1 Eyoucms | 2024-08-01 | 6.1 Medium |
Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | ||||
CVE-2024-22876 | 1 Strangebee | 1 Thehive | 2024-08-01 | 5.4 Medium |
StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality, which enables an attacker to upload a malicious HTML file with JavaScript code that will be executed in the context of the TheHive application using a specific URL. The vulnerability can be used to coerce a victim account to perform specific actions on the application, such as helping an analyst become an administrator. | ||||
CVE-2024-22635 | 1 Webcalendar Project | 1 Webcalendar | 2024-08-01 | 6.1 Medium |
WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php. | ||||
CVE-2024-22551 | 1 Ushainformatique | 1 Whatacart | 2024-08-01 | 6.1 Medium |
WhatACart v2.0.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /site/default/search. | ||||
CVE-2024-22549 | 1 Flycms Project | 1 Flycms | 2024-08-01 | 5.4 Medium |
FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section. | ||||
CVE-2024-22714 | 1 Codelyfe | 1 Stupid Simple Cms | 2024-08-01 | 6.1 Medium |
Stupid Simple CMS <=1.2.4 is vulnerable to Cross Site Scripting (XSS) in the editing section of the article content. | ||||
CVE-2024-22569 | 1 Poscms | 1 Poscms | 2024-08-01 | 5.4 Medium |
Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2 allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0. | ||||
CVE-2024-22570 | 1 Njtech | 1 Greencms | 2024-08-01 | 5.4 Medium |
A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
CVE-2024-22559 | 1 Lightcms Project | 1 Lightcms | 2024-08-01 | 5.4 Medium |
LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field. | ||||
CVE-2024-22494 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-01 | 5.4 Medium |
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML. | ||||
CVE-2024-22497 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-01 | 6.1 Medium |
Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL. | ||||
CVE-2024-22492 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-01 | 5.4 Medium |
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML. | ||||
CVE-2024-22444 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2024-08-01 | 6.1 Medium |
A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | ||||
CVE-2024-22418 | 1 Group-office | 1 Group Office | 2024-08-01 | 6.5 Medium |
Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows an attacker to execute arbitrary JavaScript code by embedding it within a file's name. For instance, using a filename such as “><img src=x onerror=prompt('XSS')>.jpg” triggers the vulnerability. When this file is uploaded, the JavaScript code within the filename is executed. This issue has been addressed in version 6.8.29. All users are advised to upgrade. There are no known workarounds for this vulnerability. |