Search Results (47129 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-39143 1 Coderberg 1 Residencecms 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside which acts as a stored XSS payload.
CVE-2024-39124 1 Roundup-tracker 1 Roundup 2024-11-21 6.1 Medium
In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.
CVE-2024-38972 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/.
CVE-2024-38786 1 Burgersoftwares 1 Cozipress 2024-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BurgerThemes CoziPress allows Stored XSS.This issue affects CoziPress: from n/a through 1.0.30.
CVE-2024-38784 1 Livemesh 1 Beaver Builder Addons 2024-11-21 5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Beaver Builder allows Stored XSS.This issue affects Livemesh Addons for Beaver Builder: from n/a through 3.6.1.
CVE-2024-38782 1 Mapsmarker 1 Leaflet Maps Marker 2024-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MapsMarker.Com e.U. Leaflet Maps Marker allows Stored XSS.This issue affects Leaflet Maps Marker: from n/a through 3.12.9.
CVE-2024-38521 1 Hushline 1 Hush Line 2024-11-21 8.8 High
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the `safe` Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0.
CVE-2024-38507 1 Jetbrains 1 Hub 2024-11-21 3.5 Low
In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible
CVE-2024-38493 1 Broadcom 1 Symantec Privileged Access Management 2024-11-21 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.
CVE-2024-38436 1 Commugen 1 Sox 365 2024-11-21 6.1 Medium
Commugen SOX 365 – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-38430 1 Matrix-globalservices 1 Tafnit 2024-11-21 5.4 Medium
Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-38354 1 Hackmd 1 Codimd 2024-11-21 8.1 High
CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This vulnerability is fixed in 2.5.4.
CVE-2024-38281 1 Motorola 2 Vigilant Fixed Lpr Coms Box, Vigilant Fixed Lpr Coms Box Firmware 2024-11-21 9.8 Critical
An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device.
CVE-2024-37958 1 Mekshq 1 Meks Smart Author Widget 2024-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Meks Meks Smart Author Widget allows Stored XSS.This issue affects Meks Smart Author Widget: from n/a through 1.1.4.
CVE-2024-37956 1 Vektor-inc 1 Vk All In One Expansion Unit 2024-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc. VK All in One Expansion Unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through 9.99.1.0.
CVE-2024-37955 1 Makegutenblock 1 Gutslider 2024-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zakaria Binsaifullah GutSlider – All in One Block Slider allows Stored XSS.This issue affects GutSlider – All in One Block Slider: from n/a through 2.7.3.
CVE-2024-37954 1 Marcelotorres 1 Simple Responsive Slider 2024-11-21 7.1 High
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in marcelotorres Simple Responsive Slider allows Reflected XSS.This issue affects Simple Responsive Slider: from n/a through 0.2.2.5.
CVE-2024-37888 1 Mlewand 1 Open Link 2024-11-21 6.1 Medium
The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version < **1.0.5**.
CVE-2024-37856 1 Oretnom23 1 Lost And Found Information System 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page.
CVE-2024-37741 1 Openplcproject 2 Openplc V3, Openplc V3 Firmware 2024-11-21 5.4 Medium
OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture.