Total: 30540 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-45094 | 1 Okta | 1 Imprivata Privileged Access Management | 2024-10-24 | 5.4 Medium |
Imprivata Privileged Access Management (formerly Xton Privileged Access Management) 2.3.202112051108 allows XSS. | ||||
CVE-2023-37164 | 1 Diafan | 1 Diafan.cms | 2024-10-24 | 6.1 Medium |
Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the cat_id parameter at /shop/?module=shop&action=search. | ||||
CVE-2023-37600 | 1 Mobisystems | 1 Office Suite | 2024-10-24 | 6.1 Medium |
Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /api?path=profile. | ||||
CVE-2021-39421 | 1 Seeddms | 1 Seeddms | 2024-10-24 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in SeedDMS v6.0.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
CVE-2023-51067 | 1 Qstar | 1 Archive Storage Manager | 2024-10-24 | 6.1 Medium |
An unauthenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary JavaScript in a victim's browser via a crafted link. | ||||
CVE-2022-28865 | 1 Nokia | 1 Netact | 2024-10-24 | 5.4 Medium |
An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used. | ||||
CVE-2022-28867 | 1 Nokia | 1 Netact | 2024-10-24 | 5.4 Medium |
An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used. | ||||
CVE-2023-37742 | 1 Webboss | 1 Webboss.io Cms | 2024-10-24 | 6.1 Medium |
WebBoss.io CMS before v3.7.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability. | ||||
CVE-2023-32624 | 1 Sakura | 1 Ts Webfonts | 2024-10-24 | 6.1 Medium |
Cross-site scripting vulnerability in TS Webfonts for SAKURA 3.1.0 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | ||||
CVE-2024-48656 | 2 Angeljudesuarez, Itsourcecode | 2 Student Management System, Student Management System | 2024-10-24 | 5.4 Medium |
Cross Site Scripting vulnerability in student management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. | ||||
CVE-2021-39014 | 1 Ibm | 1 Cloud Object Storage System | 2024-10-24 | 6.4 Medium |
IBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213650. | ||||
CVE-2024-49631 | 1 Mdabdulkader | 1 Easy Addons For Elementor | 2024-10-24 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Md Abdul Kader Easy Addons for Elementor allows Stored XSS. This issue affects Easy Addons for Elementor: from n/a through 1.3.0. | ||||
CVE-2024-10286 | 1 Ujangrohidin | 1 Localserver | 2024-10-24 | 6.1 Medium |
Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /testmail/index.php, parameter to. | ||||
CVE-2024-10289 | 1 Ujangrohidin | 1 Localserver | 2024-10-24 | 6.1 Medium |
Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ManageSubscription, parameter MSubListName. | ||||
CVE-2024-10288 | 1 Ujangrohidin | 1 Localserver | 2024-10-24 | 6.1 Medium |
Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/SubscribeToList, parameter ListName. | ||||
CVE-2024-10287 | 1 Ujangrohidin | 1 Localserver | 2024-10-24 | 6.1 Medium |
Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ForgotPassword, parameter ListName. | ||||
CVE-2023-3538 | 1 Simplephpscripts | 1 Photo Gallery Php | 2024-10-23 | 3.5 Low |
A vulnerability classified as problematic was found in SimplePHPscripts Photo Gallery PHP 2.0. This vulnerability affects unknown code of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-233290 is the identifier assigned to this vulnerability. | ||||
CVE-2023-34869 | 1 Phpjabbers | 1 Catering System | 2024-10-23 | 6.1 Medium |
PHPJabbers Catering System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php?controller=pjAdmin&action=pjActionForgot. | ||||
CVE-2024-49630 | 1 Hasthemes | 1 Wp Education | 2024-10-23 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HT Plugins WP Education allows Stored XSS. This issue affects WP Education: from n/a through 1.2.8. | ||||
CVE-2023-3540 | 1 Simplephpscripts | 1 Newsletter Script Php | 2024-10-23 | 3.5 Low |
A vulnerability, which was classified as problematic, was found in SimplePHPscripts NewsLetter Script PHP 2.4. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-233292. |