Total: 29088 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-43877 | 1 Ritecms | 1 Ritecms | 2024-09-19 | 4.8 Medium |
Rite CMS 3.0 has multiple cross-site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu. | ||||
CVE-2023-42808 | 1 Mozilla | 1 Common Voice | 2024-09-19 | 6.1 Medium |
Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Version 1.88.2 is vulnerable to reflected Cross-Site Scripting given that user-controlled data flows to a path expression (path of a network request). This issue may lead to reflected Cross-Site Scripting (XSS) in the context of Common Voice’s server origin. As of time of publication, it is unknown whether any patches or workarounds exist. | ||||
CVE-2023-43260 | 1 Milesight | 15 Ur32, Ur32 Firmware, Ur32l and 12 more | 2024-09-19 | 6.1 Medium |
Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 were discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel. | ||||
CVE-2024-45458 | 1 Spiffyplugins | 1 Spiffy Calendar | 2024-09-19 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS. This issue affects Spiffy Calendar: from n/a through 4.9.13. | ||||
CVE-2024-45455 | 1 Joomunited | 1 Wp Meta Seo | 2024-09-19 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO allows Stored XSS. This issue affects WP Meta SEO: from n/a through 4.5.13. | ||||
CVE-2024-31414 | 1 Eaton | 1 Foreseer Electrical Power Monitoring System | 2024-09-19 | 6.7 Medium |
The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts when abused by bad actors. | ||||
CVE-2024-45456 | 1 Joomunited | 1 Wp Meta Seo | 2024-09-19 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO allows Stored XSS. This issue affects WP Meta SEO: from n/a through 4.5.13. | ||||
CVE-2024-8652 | | | 2024-09-19 | N/A |
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit a specific path on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply the patch from the vendor: https://netcat.ru/. Versions 6.4.0.24248 and on have the patch. | ||||
CVE-2024-8653 | | | 2024-09-19 | N/A |
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply the patch from the vendor: https://netcat.ru/. Versions 6.4.0.24248 and on have the patch. | ||||
CVE-2024-7655 | 1 Peepso | 1 Peepso | 2024-09-19 | 4.4 Medium |
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
CVE-2024-7618 | 1 Peepso | 1 Peepso | 2024-09-19 | 4.4 Medium |
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
CVE-2024-4554 | 2 Microfocus, Netiq | 2 Netiq Access Manager, Access Manager | 2024-09-19 | 7.3 High |
Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to a Cross-Site Scripting (XSS) attack. This issue affects NetIQ Access Manager before 5.0.4.1 and 5.1. | ||||
CVE-2024-7736 | 1 3ds | 1 3dexperience Enovia | 2024-09-19 | 8.7 High |
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in a user's browser session. | ||||
CVE-2024-45400 | 1 Mlewand | 1 Open Link | 2024-09-19 | 6.1 Medium |
ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. A vulnerability in versions of the plugin prior to 1.0.7 allowed a user to execute JavaScript code by abusing the link href attribute. The fix is available starting with version 1.0.7. | ||||
CVE-2024-45176 | 1 C-mor | 1 C-mor | 2024-09-19 | 6.1 Medium |
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper input validation, the C-MOR web interface is vulnerable to reflected cross-site scripting (XSS) attacks. Different functions were found to be prone to reflected cross-site scripting attacks due to insufficient user input validation. | ||||
CVE-2023-45373 | 1 Mediawiki | 1 Mediawiki | 2024-09-19 | 6.1 Medium |
An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. XSS can occur via formatNumNoSeparators. | ||||
CVE-2024-38156 | 1 Microsoft | 1 Edge Chromium | 2024-09-19 | 6.1 Medium |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
CVE-2024-35267 | 1 Microsoft | 1 Azure Devops Server | 2024-09-19 | 7.6 High |
Azure DevOps Server Spoofing Vulnerability | ||||
CVE-2024-35266 | 1 Microsoft | 1 Azure Devops Server | 2024-09-19 | 7.6 High |
Azure DevOps Server Spoofing Vulnerability | ||||
CVE-2023-44390 | 1 Htmlsanitizer Project | 1 Htmlsanitizer | 2024-09-19 | 6.1 Medium |
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either `svg` or `math` are in the list of allowed elements. In the case an application sanitizes user input with a vulnerable configuration, an attacker could bypass the sanitization and inject arbitrary HTML, including JavaScript code. Note that in the default configuration the vulnerability is not present. The vulnerability has been fixed in versions 8.0.723 and 8.1.722-beta (preview version). |