Total
30497 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2024-40743 | | | 2024-11-03 | 6.1 Medium | The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.
CVE-2024-21727 | 1 Digital-peak | 1 Dp Calendar For Joomla | 2024-11-03 | 6.1 Medium | XSS vulnerability in DP Calendar component for Joomla.
CVE-2024-37879 | | | 2024-11-01 | 4.8 Medium | Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo".
CVE-2024-51492 | 1 Zusam | 1 Zusam | 2024-11-01 | 8.8 High | Zusam is a free and open-source way to self-host private forums. Prior to version 0.5.6, specially crafted SVG files uploaded to the service as images allow for unrestricted script execution on (raw) image load. With certain payloads, theft of the target user's long-lived session token is possible. Note that Zusam, at the time of writing, uses a user's static API key as a long-lived session token, and these terms can be used interchangeably on the platform. This session token/API key remains valid indefinitely, so long as the user doesn't expressly request a new one via their Settings page. Version 0.5.6 fixes the cross-site scripting vulnerability.
CVE-2024-34090 | | | 2024-11-01 | 7.3 High | An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. The login banner in the Archer Control Panel (ACP) did not previously escape content appropriately. 6.14 P3 (6.14.0.3) is also a fixed release.
CVE-2024-27706 | | | 2024-11-01 | 6.1 Medium | Cross-site scripting vulnerability in Huly Platform v.0.6.202 allows attackers to execute arbitrary code via upload of a crafted SVG file to issues.
CVE-2024-49659 | 1 Chartscss | 1 Coub | 2024-11-01 | 6.5 Medium | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rami Yushuvaev Coub allows Stored XSS. This issue affects Coub: from n/a through 1.4.
CVE-2024-49654 | 2 Marian, Marianheddesheimer | 2 Extra Privacy For Elementor, Extra Privacy For Elementor | 2024-11-01 | 7.1 High | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Marian Heddesheimer Extra Privacy for Elementor allows Reflected XSS. This issue affects Extra Privacy for Elementor: from n/a through 0.1.3.
CVE-2024-49656 | 2 Abdullah Irfan, Abdullahirfan | 2 Document Press, Documentpress | 2024-11-01 | 7.1 High | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Irfan DocumentPress allows Reflected XSS. This issue affects DocumentPress: from n/a through 2.1.
CVE-2024-20300 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-01 | 4.8 Medium | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
CVE-2024-9110 | 1 Beyondtrust | 1 Privileged Identity | 2024-11-01 | 6.4 Medium | A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks.
CVE-2024-6581 | 2 Lollms, Parisneo | 2 Lord Of Large Language Models, Lollms | 2024-11-01 | 9.0 Critical | A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. Due to incomplete filtering in the sanitize_svg function, this can lead to cross-site scripting (XSS) vulnerabilities, which in turn pose a risk of remote code execution. The sanitize_svg function only removes script elements and 'on*' event attributes, but does not account for other potential vectors for XSS within SVG files. This vulnerability can be exploited when authorized users access a malicious URL containing the crafted SVG file.
CVE-2024-44573 | | | 2024-11-01 | 4.7 Medium | A stored cross-site scripting (XSS) vulnerability in the VLAN configuration of RELY-PCIe v22.2.1 to v23.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-28823 | | | 2024-11-01 | 6.1 Medium | Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 1.0.0 allows XSS via a crafted S3 bucket name to index.html.
CVE-2024-25080 | | | 2024-11-01 | 4.7 Medium | WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attachment viewer.
CVE-2023-49976 | | | 2024-11-01 | 5.4 Medium | A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customer_support/index.php?page=new_ticket.
CVE-2023-25199 | | | 2024-11-01 | 5.4 Medium | A reflected cross-site scripting (XSS) vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to execute JavaScript code and obtain sensitive information in a victim's browser.
CVE-2024-49660 | 1 Campusexplorer | 1 Widget | 2024-11-01 | 7.1 High | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Campus Explorer Campus Explorer Widget allows Reflected XSS. This issue affects Campus Explorer Widget: from n/a through 1.4.
CVE-2024-49661 | 1 Leenk | 1 Leenk.me | 2024-11-01 | 7.1 High | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lew Ayotte leenk.Me allows Reflected XSS. This issue affects leenk.Me: from n/a through 2.16.0.
CVE-2022-20916 | 1 Cisco | 1 Iot Control Center | 2024-11-01 | 6.1 Medium | A vulnerability in the web-based management interface of Cisco IoT Control Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.