Total
299 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32489 | 2024-08-19 | 6.1 Medium | ||
| TCPDF before 6.7.4 mishandles calls that use HTML syntax. | ||||
| CVE-2024-5741 | 1 Checkmk | 1 Checkmk | 2024-08-16 | 6.5 Medium |
| Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL) | ||||
| CVE-2023-49453 | 2024-08-16 | 6.1 Medium | ||
| Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22.0 and before, allows local attackers to execute arbitrary code and obtain sensitive information via the search component in index.php. | ||||
| CVE-2024-29374 | 2024-08-15 | 6.1 Medium | ||
| A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3.10.9 handles user input within the "GET /?lang=" URL parameter. | ||||
| CVE-2020-13965 | 3 Debian, Fedoraproject, Roundcube | 3 Debian Linux, Fedora, Webmail | 2024-08-14 | 6.1 Medium |
| An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview. | ||||
| CVE-2003-5003 | 1 Ibm | 1 Iss Blackice Pc Protection | 2024-08-08 | 5 Medium |
| A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2022-31035 | 2 Argoproj, Redhat | 2 Argo Cd, Openshift Gitops | 2024-08-07 | 9 Critical |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with the victim's permissions (up to and including admin). The script would be capable of doing anything which is possible in the UI or via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no completely-safe workarounds besides upgrading. | ||||
| CVE-2008-10001 | 1 Pro2col | 1 Stingray Fts | 2024-08-07 | 5.5 Medium |
| A vulnerability, which was classified as problematic, has been found in Pro2col Stingray FTS. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2016-9500 | 1 Accellion | 1 Ftp Server | 2024-08-06 | N/A |
| Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft Prizm Content flash component, which contains multiple parameters (customTabCategoryName, customButton1Image) that are vulnerable to cross-site scripting. | ||||
| CVE-2016-9493 | 1 Jqueryform | 1 Php Formmail Generator | 2024-08-06 | N/A |
| The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the attacker can guess the uploaded filename. The form by default appends a short random string to the end of the filename. | ||||
| CVE-2017-20108 | 1 Easy Table Project | 1 Easy Table | 2024-08-05 | 3.5 Low |
| A vulnerability classified as problematic has been found in Easy Table Plugin 1.6. This affects an unknown part of the file /wordpress/wp-admin/options-general.php. The manipulation with the input "><script>alert(1)</script> leads to basic cross site scripting. It is possible to initiate the attack remotely. | ||||
| CVE-2017-20114 | 1 Trueconf | 1 Server | 2024-08-05 | 3.5 Low |
| A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys[] leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20113 | 1 Trueconf | 1 Server | 2024-08-05 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20140 | 1 Ambit | 1 Movie Portal Script | 2024-08-05 | 4.3 Medium |
| A vulnerability was found in Itech Movie Portal Script 7.36. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /movie.php. The manipulation of the argument f with the input <img src=i onerror=prompt(1)> leads to basic cross site scripting (Reflected). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20122 | 1 Bitrix24 | 1 Bitrix Site Manager | 2024-08-05 | 3.5 Low |
| A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an unknown functionality of the component Contact Form. The manipulation of the argument text with the input <img src="http://1"; on onerror="$(’p').text(’Hacked’)" /> leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20118 | 1 Trueconf | 1 Server | 2024-08-05 | 3.5 Low |
| A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20116 | 1 Trueconf | 1 Server | 2024-08-05 | 3.5 Low |
| A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting (Reflected). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20117 | 1 Trueconf | 1 Server | 2024-08-05 | 3.5 Low |
| A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting (DOM). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20115 | 1 Trueconf | 1 Server | 2024-08-05 | 3.5 Low |
| A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting (Reflected). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20098 | 1 Weblizar | 1 Admin Custom Login | 2024-08-05 | 3.5 Low |
| A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. | ||||