Filtered by CWE-79
Total 29088 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-44758 1 Gdidees 1 Gdidees Cms 2024-09-19 5.4 Medium
GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title.
CVE-2024-7737 1 Dassault 3 3dswymer 3dexperience 2022, 3dswymer 3dexperience 2023, 3dswymer 3dexperience 2024 2024-09-19 8.7 High
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
CVE-2024-6252 1 Skycaiji 1 Skycaiji 2024-09-19 2.4 Low
A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Task Handler. The manipulation of the argument onerror leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269419.
CVE-2024-6251 1 Playsms 1 Playsms 2024-09-19 2.4 Low
A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. Affected is an unknown function of the file /index.php?app=main&inc=feature_phonebook&op=phonebook_list of the component New Phonebook Handler. The manipulation of the argument name/email leads to basic cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-269418 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-38379 1 Apache 1 Allura 2024-09-19 4.8 Medium
Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users are recommended to upgrade to version 1.17.1, which fixes the issue.
CVE-2023-44762 1 Concretecms 1 Concrete Cms 2024-09-19 5.4 Medium
A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags.
CVE-2023-44770 1 Tribalsystems 1 Zenario 2024-09-19 5.4 Medium
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias.
CVE-2023-44771 1 Tribalsystems 1 Zenario 2024-09-19 5.4 Medium
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout.
CVE-2023-43698 1 Sick 2 Apu0200, Apu0200 Firmware 2024-09-19 7.1 High
Improper Neutralization of Input During Web Page Generation (’Cross-site Scripting’) in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the client's browser via injecting code into the website.
CVE-2023-44812 1 Moosocial 1 Moosocial 2024-09-19 6.1 Medium
Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function.
CVE-2023-44813 1 Moosocial 1 Moosocial 2024-09-19 6.1 Medium
Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function.
CVE-2024-47058 2024-09-19 2.9 Low
With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html field. This could be used to steal sensitive information from the user's current session.
CVE-2024-47050 2024-09-19 5.4 Medium
Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
CVE-2021-27917 2024-09-19 7.3 High
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
CVE-2023-40684 1 Ibm 1 Content Navigator 2024-09-19 4.6 Medium
IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 264019.
CVE-2023-5452 1 Snipeitapp 1 Snipe-it 2024-09-19 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
CVE-2024-7269 1 Connx 1 Esp Hr Management 2024-09-19 5.4 Medium
Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal Details" form in ConnX ESP HR Management allows Stored XSS attack. An attacker might inject a script to be run in user's browser. After multiple attempts to contact the vendor we did not receive any answer. The finder provided the information that this issue affects ESP HR Management versions before 6.6.
CVE-2020-18336 1 Typora 1 Typora 2024-09-19 7.4 High
Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function.
CVE-2023-44826 1 Easycorp 1 Zentao 2024-09-19 5.4 Medium
Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script.
CVE-2024-7162 1 Seacms 1 Seacms 2024-09-19 3.5 Low
A vulnerability, which was classified as problematic, has been found in SeaCMS 12.9/13.0. Affected by this issue is some unknown functionality of the file js/player/dmplayer/admin/post.php?act=setting. The manipulation of the argument yzm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272576.