Total
30497 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-10340 | | | 2024-11-05 | 6.4 Medium |
The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'scu' shortcode in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2024-37844 | 2 Radix Iot, Radixiot | 2 Mango Os, Mango | 2024-11-05 | 4.7 Medium |
A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
CVE-2024-20387 | 1 Cisco | 1 Firepower Management Center | 2024-11-05 | 5.4 Medium |
A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to conduct a stored XSS attack on an affected device. | ||||
CVE-2023-37745 | 1 Phpgurukul | 1 Maid Hiring Management System | 2024-11-05 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component. | ||||
CVE-2023-37746 | 1 Phpgurukul | 1 Maid Hiring Management System | 2024-11-05 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component. | ||||
CVE-2024-28034 | | | 2024-11-05 | 5.4 Medium |
Cross-site scripting vulnerability exists in Mini Thread Version 3.33βi. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable; therefore, users should consider stopping use of Mini Thread Version 3.33βi. | ||||
CVE-2023-44040 | | | 2024-11-05 | 6.1 Medium |
In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting (XSS) vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate. | ||||
CVE-2023-25364 | | | 2024-11-05 | 6.1 Medium |
Opswat Metadefender Core before 5.2.1 does not properly defend against potential HTML injection and XSS attacks. | ||||
CVE-2023-37560 | 1 Elecom | 4 Wrh-300wh-h, Wrh-300wh-h Firmware, Wtc-300hwh and 1 more | 2024-11-05 | 6.1 Medium |
Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | ||||
CVE-2024-51432 | 1 Fiberhome | 1 Hg6544c Firmware | 2024-11-04 | 4.8 Medium |
Cross Site Scripting vulnerability in FiberHome HG6544C RP2743 allows an attacker to execute arbitrary code via the SSID field in the WIFI Clients List, which is not sanitized. | ||||
CVE-2024-41930 | | | 2024-11-04 | 6.1 Medium |
Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. | ||||
CVE-2024-48410 | 1 Camtrace | 1 Camtrace | 2024-11-04 | 6.1 Medium |
Cross Site Scripting vulnerability in Camtrace v.9.16.2.1 allows a remote attacker to execute arbitrary code via the login.php. | ||||
CVE-2024-44731 | | | 2024-11-04 | 4.7 Medium |
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections. | ||||
CVE-2024-27525 | 1 Chamilo | 1 Chamilo Lms | 2024-11-04 | 4.6 Medium |
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component. | ||||
CVE-2024-27524 | 1 Chamilo | 1 Chamilo Lms | 2024-11-04 | 7.1 High |
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component. | ||||
CVE-2023-3532 | 1 Getoutline | 1 Outline | 2024-11-04 | 5.4 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to 0.70.1. | ||||
CVE-2023-34089 | 1 Decidim | 1 Decidim | 2024-11-04 | 8.1 High |
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.7. | ||||
CVE-2023-32693 | 1 Decidim | 1 Decidim | 2024-11-04 | 8.1 High |
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.7. | ||||
CVE-2024-51328 | 1 Travel Management System Project | 1 Travel Management System | 2024-11-04 | 6.1 Medium |
Cross Site Scripting vulnerability in addcategory.php in projectworld's Travel Management System v1.0 allows a remote attacker to inject arbitrary code via the t2 parameter. | ||||
CVE-2024-26299 | | | 2024-11-04 | 6.6 Medium |
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. |