Total
30497 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-49662 | 1 Webgensis | 1 Simple Load More | 2024-11-01 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webgensis Simple Load More allows Reflected XSS. This issue affects Simple Load More: from n/a through 1.0. | ||||
CVE-2024-49663 | 1 Elenazhyvohliad | 1 Ucat | 2024-11-01 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elena Zhyvohliad uCAT – Next Story allows Reflected XSS. This issue affects uCAT – Next Story: from n/a through 2.0.0. | ||||
CVE-2022-20869 | 1 Cisco | 1 Broadworks | 2024-11-01 | 6.1 Medium |
A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | ||||
CVE-2024-49664 | 1 Chatplusjp | 1 Chatplusjp | 2024-11-01 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in allows Reflected XSS. This issue affects chatplusjp: from n/a through 1.02. | ||||
CVE-2024-49665 | 1 Webbricks | 1 Web Bricks Addons | 2024-11-01 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Web Bricks Web Bricks Addons for Elementor allows Stored XSS. This issue affects Web Bricks Addons for Elementor: from n/a through 1.1.1. | ||||
CVE-2022-20820 | 1 Cisco | 1 Webex Meetings | 2024-11-01 | 5.4 Medium |
Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
CVE-2024-49667 | 1 Nervythemes | 1 Local Business Addons For Elementor | 2024-11-01 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NervyThemes Local Business Addons For Elementor allows Stored XSS. This issue affects Local Business Addons For Elementor: from n/a through 1.1.5. | ||||
CVE-2024-33866 | | | 2024-11-01 | 5.5 Medium |
An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/{GUID] XSS. | ||||
CVE-2023-52045 | 1 Std42 | 1 Elfinder | 2024-11-01 | 6.1 Medium |
Studio-42 eLfinder 2.1.62 contains a filename restriction bypass leading to a persistent Cross-site Scripting (XSS) vulnerability. | ||||
CVE-2024-6361 | 1 Opentext | 1 Alm Octane | 2024-11-01 | 5.4 Medium |
An Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. The vulnerability affects all versions prior to version 23.4. The vulnerability could cause a remote code execution attack. | ||||
CVE-2024-37422 | 2 Emilia, Emiliaprojects | 2 Progress Planner, Progress Planner | 2024-11-01 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 0.9.2. | ||||
CVE-2024-9219 | 1 Maxfoundry | 1 Social Share Buttons | 2024-11-01 | 6.1 Medium |
The WordPress Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.19. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
CVE-2024-20377 | 1 Cisco | 1 Firepower Management Center | 2024-11-01 | 5.4 Medium |
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to the web-based management interface not properly validating user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | ||||
CVE-2024-20341 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense Software | 2024-11-01 | 6.1 Medium |
A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an affected device. This vulnerability is due to improper validation of user-supplied input to application endpoints. An attacker could exploit this vulnerability by persuading a user to follow a link designed to submit malicious input to the affected application. A successful exploit could allow the attacker to execute arbitrary HTML or script code in the browser in the context of the web services page. | ||||
CVE-2022-27105 | 1 Digitus | 1 Inmailx | 2024-11-01 | 5.4 Medium |
InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection names are not sanitized in the Outlook tab, which allows a local user or network administrator to execute HTML / JavaScript in the Outlook of users. | ||||
CVE-2024-49651 | 1 Mattroyal | 1 Woocommerce Maintenance Mode | 2024-11-01 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Matt Royal WooCommerce Maintenance Mode allows Reflected XSS. This issue affects WooCommerce Maintenance Mode: from n/a through 2.0.1. | ||||
CVE-2024-42515 | 1 Pebbleroad | 1 Glossarizer | 2024-11-01 | 9.9 Critical |
Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters (e.g., <>), the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append an XSS payload to a word that has a corresponding glossary entry. | ||||
CVE-2024-36819 | | | 2024-11-01 | 5.4 Medium |
MAP-OS 4.45.0 and earlier is vulnerable to Cross-Site Scripting (XSS). This vulnerability allows malicious users to insert a malicious payload into the "Client Name" input. When a service order from this client is created, the malicious payload is displayed on the administrator and employee dashboards, resulting in unauthorized script execution whenever the dashboard is loaded. | ||||
CVE-2023-49973 | | | 2024-11-01 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list. | ||||
CVE-2024-22397 | | | 2024-11-01 | N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code. |