Total: 32308 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-20443 | 1 Cisco | 1 Identity Services Engine | 2024-08-23 | 5.4 Medium |
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. | ||||
CVE-2024-20479 | 1 Cisco | 1 Identity Services Engine | 2024-08-23 | 4.8 Medium |
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have Admin privileges on an affected device. | ||||
CVE-2023-26211 | 1 Fortinet | 1 Fortisoar | 2024-08-22 | 6.4 Medium |
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module. | ||||
CVE-2024-43400 | 1 Xwiki | 2 Xwiki, Xwiki-platform | 2024-08-22 | 9.1 Critical |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineering to trick a user into following the URL. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. | ||||
CVE-2024-8022 | | | 2024-08-22 | 3.5 Low |
A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been rated as problematic. This issue affects some unknown processing of the file /vood/cgi-bin/vood_view.cgi?lang=EN&act=user/spec_conf&sessionId=86213915328111654515&user=A&message2user=Account%20updated. The manipulation of the argument Phone Number leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-43411 | | | 2024-08-22 | 3.1 Low |
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on CKEditor 4 instances. The issue impacts only editor instances with enabled version notifications. Please note that this feature is disabled by default in all CKEditor 4 LTS versions. Therefore, if you use CKEditor 4 LTS, it is highly unlikely that you are affected by this vulnerability. If you are unsure, please contact us. The fix is available in version 4.25.0-lts. | ||||
CVE-2024-5849 | 1 Pepperl-fuchs | 48 Eip/modbus Firmware, Ethernet/ip Firmware, Icdm-rx/en-2db9/rj45-din and 45 more | 2024-08-22 | 7.1 High |
An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once. | ||||
CVE-2024-38502 | 1 Pepperl-fuchs | 48 Eip/modbus Firmware, Ethernet/ip Firmware, Icdm-rx/en-2db9/rj45-din and 45 more | 2024-08-22 | 7.1 High |
An unauthenticated remote attacker may use a stored XSS vulnerability to obtain information from a user or reboot the affected device once. | ||||
CVE-2024-38501 | 1 Pepperl-fuchs | 48 Eip/modbus Firmware, Ethernet/ip Firmware, Icdm-rx/en-2db9/rj45-din and 45 more | 2024-08-22 | 6.1 Medium |
An unauthenticated remote attacker may use an HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device. | ||||
CVE-2024-43218 | | | 2024-08-22 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mediavine Mediavine Control Panel allows Stored XSS. This issue affects Mediavine Control Panel: from n/a through 2.10.4. | ||||
CVE-2024-7134 | 1 Liquidpoll | 1 Liquidpoll | 2024-08-21 | 7.2 High |
The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘form_data’ parameter in all versions up to, and including, 3.3.78 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2024-28740 | 1 Koha | 1 Koha | 2024-08-21 | 6.1 Medium |
Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component. | ||||
CVE-2024-39094 | 1 Friendica | 1 Friendica | 2024-08-21 | 5.4 Medium |
Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters. | ||||
CVE-2022-26328 | | | 2024-08-21 | N/A |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText Performance Center on Windows allows Cross-Site Scripting (XSS). This issue affects Performance Center: 12.63. | ||||
CVE-2024-40500 | 2 I-librarian, Scilico | 2 I-librarian, I-librarian | 2024-08-21 | 8.8 High |
Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component. | ||||
CVE-2024-35540 | 1 Typecho | 1 Typecho | 2024-08-21 | 7.6 High |
A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
CVE-2024-6378 | 2 3ds, Enovia | 2 3dexperience, Collaborative Industry Innovator | 2024-08-21 | 8.7 High |
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
CVE-2024-7945 | 2 Adonesevangelista, Itsourcecode | 2 Laravel Property Management System, Laravel Property Management System | 2024-08-21 | 3.5 Low |
A vulnerability was found in itsourcecode Laravel Property Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/notes/create of the component Notes Page. The manipulation of the argument Note text leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-7844 | 1 Tamparongj 03 | 1 Online Graduate Tracer System | 2024-08-21 | 3.5 Low |
A vulnerability has been found in SourceCodester Online Graduate Tracer System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /tracking/admin/add_acc.php. The manipulation of the argument name/user/position leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-7929 | 2 Oretnom23, Sourcecodester | 2 Simple Forum Website, Simple Forum Website | 2024-08-21 | 5.3 Medium |
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Forum Website 1.0. This affects an unknown part of the file /registration.php of the component Signup Page. The manipulation of the argument username leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |