Total: 30543 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-49323 | 1 Sourav | 1 All In One Slider | 2024-10-23 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sourav All in One Slider allows Reflected XSS. This issue affects All in One Slider: from n/a through 1.1. | ||||
CVE-2024-49606 | 1 Dotsquares | 1 Google Map Locations | 2024-10-23 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dotsquares Google Map Locations allows Reflected XSS. This issue affects Google Map Locations: from n/a through 1.0. | ||||
CVE-2023-37623 | 1 Netdisco | 1 Netdisco | 2024-10-23 | 4.8 Medium |
Netdisco before v2.063000 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Web/TypeAhead.pm. | ||||
CVE-2023-37692 | 1 Octobercms | 1 October | 2024-10-23 | 5.4 Medium |
An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file. | ||||
CVE-2023-28013 | 1 Hcltech | 1 Verse | 2024-10-23 | 6.5 Medium |
HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. | ||||
CVE-2024-0318 | 1 Fireeye | 1 Hxtool | 2024-10-23 | 5.4 Medium |
Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded. | ||||
CVE-2023-52068 | 1 Kodcloud | 1 Kodbox | 2024-10-23 | 6.1 Medium |
kodbox v1.43 was discovered to contain a cross-site scripting (XSS) vulnerability via the operation and login logs. | ||||
CVE-2024-3166 | 1 Mintplexlabs | 2 Anythingllm Desktop, Anythingllm Webapp | 2024-10-23 | 9.6 Critical |
A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. The vulnerability arises from the application's feature to fetch and embed content from websites into workspaces, which can be exploited to execute arbitrary JavaScript code. In the desktop application, this flaw can be escalated to Remote Code Execution (RCE) due to insecure application settings, specifically the enabling of 'nodeIntegration' and the disabling of 'contextIsolation' in Electron's webPreferences. The issue has been addressed in version 1.4.2 of the desktop application. | ||||
CVE-2023-37280 | 1 Pimcore | 1 Admin Classic Bundle | 2024-10-23 | 5 Medium |
Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This vulnerability has been patched in version 1.0.3. | ||||
CVE-2024-46236 | 1 Codeastro | 1 Membership Management System | 2024-10-23 | 5.4 Medium |
CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in add_members.php and edit_member.php. | ||||
CVE-2024-46238 | 1 Phpgurukul | 1 Hospital Management System | 2024-10-23 | 5.9 Medium |
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /admin/add-doctor.php and /admin/edit-doctor.php | ||||
CVE-2024-48709 | 1 Codeastro | 1 Membership Management System | 2024-10-23 | 5.4 Medium |
CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the membershipType parameter in edit_type.php | ||||
CVE-2024-46239 | 1 Phpgurukul | 1 Hospital Management System | 2024-10-23 | 5.9 Medium |
Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doctor/edit-profile.php and adminremark parameter in /admin/query-details.php. | ||||
CVE-2023-28158 | 1 Apache | 1 Archiva | 2024-10-23 | 6.5 Medium |
Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user. | ||||
CVE-2024-40088 | 1 Vilo | 1 5 Mesh Wifi System | 2024-10-23 | 5.3 Medium |
A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request. | ||||
CVE-2022-3836 | 1 Seedwebs | 1 Seed Social | 2024-10-23 | 4.8 Medium |
The Seed Social WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
CVE-2022-41336 | 1 Fortinet | 1 Fortiportal | 2024-10-23 | 6.6 Medium |
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all versions of 5.3, 5.2, 5.1, 5.0 management interface may allow a remote authenticated attacker to perform a stored cross site scripting (XSS) attack via sending request with specially crafted columnindex parameter. | ||||
CVE-2022-41334 | 1 Fortinet | 1 Fortios | 2024-10-23 | 8.6 High |
An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 may allow a remote, unauthenticated attacker to launch a cross site scripting (XSS) attack via the "redir" parameter of the URL seen when the "Sign in with FortiCloud" button is clicked. | ||||
CVE-2023-38061 | 1 Jetbrains | 1 Teamcity | 2024-10-23 | 4.6 Medium |
In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible | ||||
CVE-2023-38063 | 1 Jetbrains | 1 Teamcity | 2024-10-23 | 4.6 Medium |
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible |