Total
30498 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36656 | 1 Jaegertracing | 1 Jaeger Ui | 2024-10-30 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Jaegertracing Jaeger UI before v.1.31.0 allows a remote attacker to execute arbitrary code via the KeyValuesTable component. | ||||
| CVE-2023-2507 | 1 Clevertap | 1 Clevertap | 2024-10-30 | 9.3 Critical |
| CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them. | ||||
| CVE-2023-31851 | 1 Cudy | 2 Lt400, Lt400 Firmware | 2024-10-30 | 6.1 Medium |
| Cudy LT400 1.13.4 is has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/wireless/status via the iface parameter. | ||||
| CVE-2023-31852 | 2 Cuby, Cudy | 3 Lt400, Lt400 Firmware, Lt400 | 2024-10-30 | 6.1 Medium |
| Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in cgi-bin/luci/admin/network/wireless/config via the iface parameter. | ||||
| CVE-2023-32711 | 1 Splunk | 1 Splunk | 2024-10-30 | 5.4 Medium |
| In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload. | ||||
| CVE-2023-32715 | 1 Splunk | 1 Splunk App For Lookup File Editing | 2024-10-30 | 4.7 Medium |
| In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser, and requires additional user interaction to trigger. The attacker cannot exploit the vulnerability at will. | ||||
| CVE-2024-36992 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-10-30 | 5.4 Medium |
| In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The “url” parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit. | ||||
| CVE-2023-22933 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-10-30 | 8 High |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’. | ||||
| CVE-2024-36993 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-10-30 | 5.4 Medium |
| In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user. | ||||
| CVE-2023-22932 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-10-30 | 8 High |
| In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0. | ||||
| CVE-2024-36997 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-10-30 | 4.6 Medium |
| In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit. | ||||
| CVE-2024-45741 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2024-10-30 | 5.4 Medium |
| In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" parameter from the "/manager/search/apps/local" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user. | ||||
| CVE-2024-36994 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-10-30 | 5.4 Medium |
| In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user. | ||||
| CVE-2024-45740 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-10-30 | 5.4 Medium |
| In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user. | ||||
| CVE-2023-40592 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-10-30 | 8.4 High |
| In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance. | ||||
| CVE-2023-46213 | 1 Splunk | 3 Cloud, Splunk, Splunk Cloud Platform | 2024-10-30 | 4.8 Medium |
| In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser. | ||||
| CVE-2023-37613 | 1 Assemblysoftware | 1 Trialworks | 2024-10-30 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter. | ||||
| CVE-2023-3565 | 1 Teampass | 1 Teampass | 2024-10-30 | 5.4 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10. | ||||
| CVE-2024-6130 | 2024-10-30 | 4.8 Medium | ||
| The Form Maker by 10Web WordPress plugin before 1.15.26 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-2159 | 1 Wpsocialrocket | 1 Social Sharing Plugin | 2024-10-30 | 4.7 Medium |
| The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||