Total
30540 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3542 | 1 Thinutech | 1 Thinu-cms | 2024-10-23 | 3.5 Low |
| A vulnerability was found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument name/body leads to cross site scripting. The attack may be launched remotely. VDB-233294 is the identifier assigned to this vulnerability. | ||||
| CVE-2020-35698 | 1 Thinkific | 1 Thinkific | 2024-10-23 | 6.1 Medium |
| Thinkific Thinkific Online Course Creation Platform 1.0 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: Affected Source code of the website CMS which is been used by many to host their online courses using the Thinkific Platform. The attack vector is: To exploit the vulnerability any user has to just visit the link - https://hacktify.thinkific.com/account/billing?success=%E2%80%AA%3Cscript%3Ealert(1)%3C/script%3E. ΒΆΒΆ Thinkific is a Website based Learning Platform Product which is used by thousands of users worldwide. There is a Cross Site Scripting (XSS) based vulnerability in the code of the CMS where any attacker can execute a XSS attack. Proof of Concept & Steps to Reproduce: Step1 : Go to Google.com Step 2 : Search for this Dork site:thinkific.com -www Step 3 : You will get a list of websites which are running on the thinkific domains. Step 4 : Create account and signin in any of the website Step 5 : Add this endpoint at the end of the domain and you will see that there is a XSS Alert /account/billing?success=%E2%80%AA<script>alert(1)</script> Step 6 : Choose any domains from google for any website this exploit will work on all the websites as it is a code based flaw in the CMS Step 7 : Thousands of websites are vulnerable due to this vulnerable code in the CMS itself which is giving rise to the XSS attack. | ||||
| CVE-2023-20133 | 1 Cisco | 1 Webex Meetings | 2024-10-23 | 5.4 Medium |
| A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because of insufficient validation of user-supplied input in Webex Events (classic) programs, email templates, and survey questions. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | ||||
| CVE-2023-3555 | 1 Gzscripts | 1 Php Vacation Rental Script | 2024-10-23 | 3.5 Low |
| A vulnerability was found in GZ Scripts PHP Vacation Rental Script 1.8. It has been classified as problematic. This affects an unknown part of the file /preview.php. The manipulation of the argument page/layout/sort_by/property_id leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-233349 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3559 | 1 Gzscripts | 1 Php Gz Appointment Scheduling Script | 2024-10-23 | 3.5 Low |
| A vulnerability classified as problematic was found in GZ Scripts PHP GZ Appointment Scheduling Script 1.8. Affected by this vulnerability is an unknown functionality of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack can be launched remotely. The identifier VDB-233353 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-35929 | 1 Enalean | 1 Tuleap | 2024-10-23 | 5.4 Medium |
| Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. A malicious user with the capability to create an artifact or to edit a field used as a card field could force victim to execute uncontrolled code. Tuleap Community Edition 14.10.99.4, Tuleap Enterprise Edition 14.10-2, and Tuleap Enterprise Edition 14.9-5 contain a fix. | ||||
| CVE-2022-43711 | 1 Gxsoftware | 1 Xperiencentral | 2024-10-23 | 6.1 Medium |
| Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks (XSS) because the CSP header uses eval() in the script-src. | ||||
| CVE-2023-2853 | 1 Softmedyazilim | 1 Selfpatron | 2024-10-23 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Softmed SelfPatron allows Reflected XSS.This issue affects SelfPatron : before 2.0. | ||||
| CVE-2023-36806 | 1 Contao | 1 Contao | 2024-10-23 | 6.5 Medium |
| Contao is an open source content management system. Starting in version 4.0.0 and prior to versions 4.9.42, 4.13.28, and 5.1.10, it is possible for untrusted backend users to inject malicious code into headline fields in the back end, which will be executed both in the element preview (back end) and on the website (front end). Installations are only affected if there are untrusted back end users who have the rights to modify headline fields, or other fields using the input unit widget. Contao 4.9.42, 4.13.28, and 5.1.10 have a patch for this issue. As a workaround, disable the login for all untrusted back end users. | ||||
| CVE-2022-31455 | 1 Truedesk | 1 Truedesk | 2024-10-23 | 6.1 Medium |
| * A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box. | ||||
| CVE-2024-46482 | 1 Ladybirdweb | 1 Faveo Helpdesk | 2024-10-23 | 8.2 High |
| An arbitrary file upload vulnerability in the Ticket Generation function of Ladybird Web Solution Faveo-Helpdesk v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .html or .svg file. | ||||
| CVE-2024-25224 | 1 Code-projects | 1 Simple Admin Panel | 2024-10-23 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size Number parameter under the Add Size function. | ||||
| CVE-2024-25225 | 1 Code-projects | 1 Simple Admin Panel | 2024-10-23 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function. | ||||
| CVE-2024-25226 | 1 Code-projects | 1 Simple Admin Panel | 2024-10-23 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function. | ||||
| CVE-2023-36918 | 1 Sap | 1 Enable Now | 2024-10-23 | 6.1 Medium |
| In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-Content-Type-Options response header is not implemented, allowing an unauthenticated attacker to trigger MIME type sniffing, which leads to Cross-Site Scripting, which could result in disclosure or modification of information. | ||||
| CVE-2024-48049 | 1 Mightyplugins | 1 Mighty Builder | 2024-10-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mighty Plugins Mighty Builder allows Stored XSS.This issue affects Mighty Builder: from n/a through 1.0.2. | ||||
| CVE-2024-49334 | 1 Unizoewebsolutions | 1 Jlayer Parallax Slider | 2024-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Unizoe Web Solutions jLayer Parallax Slider allows Reflected XSS.This issue affects jLayer Parallax Slider: from n/a through 1.0. | ||||
| CVE-2024-49323 | 1 Sourav | 1 All In One Slider | 2024-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sourav All in One Slider allows Reflected XSS.This issue affects All in One Slider: from n/a through 1.1. | ||||
| CVE-2024-49606 | 1 Dotsquares | 1 Google Map Locations | 2024-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dotsquares Google Map Locations allows Reflected XSS.This issue affects Google Map Locations: from n/a through 1.0. | ||||
| CVE-2023-37623 | 1 Netdisco | 1 Netdisco | 2024-10-23 | 4.8 Medium |
| Netdisco before v2.063000 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Web/TypeAhead.pm. | ||||