Total
30728 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-20133 | 1 Cisco | 1 Webex Meetings | 2024-10-23 | 5.4 Medium |
A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because of insufficient validation of user-supplied input in Webex Events (classic) programs, email templates, and survey questions. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | ||||
CVE-2023-3555 | 1 Gzscripts | 1 Php Vacation Rental Script | 2024-10-23 | 3.5 Low |
A vulnerability was found in GZ Scripts PHP Vacation Rental Script 1.8. It has been classified as problematic. This affects an unknown part of the file /preview.php. The manipulation of the argument page/layout/sort_by/property_id leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-233349 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-3559 | 1 Gzscripts | 1 Php Gz Appointment Scheduling Script | 2024-10-23 | 3.5 Low |
A vulnerability classified as problematic was found in GZ Scripts PHP GZ Appointment Scheduling Script 1.8. Affected by this vulnerability is an unknown functionality of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack can be launched remotely. The identifier VDB-233353 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-35929 | 1 Enalean | 1 Tuleap | 2024-10-23 | 5.4 Medium |
Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. A malicious user with the capability to create an artifact or to edit a field used as a card field could force victim to execute uncontrolled code. Tuleap Community Edition 14.10.99.4, Tuleap Enterprise Edition 14.10-2, and Tuleap Enterprise Edition 14.9-5 contain a fix. | ||||
CVE-2022-43711 | 1 Gxsoftware | 1 Xperiencentral | 2024-10-23 | 6.1 Medium |
Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks (XSS) because the CSP header uses eval() in the script-src. | ||||
CVE-2023-2853 | 1 Softmedyazilim | 1 Selfpatron | 2024-10-23 | 6.1 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Softmed SelfPatron allows Reflected XSS.This issue affects SelfPatron : before 2.0. | ||||
CVE-2023-36806 | 1 Contao | 1 Contao | 2024-10-23 | 6.5 Medium |
Contao is an open source content management system. Starting in version 4.0.0 and prior to versions 4.9.42, 4.13.28, and 5.1.10, it is possible for untrusted backend users to inject malicious code into headline fields in the back end, which will be executed both in the element preview (back end) and on the website (front end). Installations are only affected if there are untrusted back end users who have the rights to modify headline fields, or other fields using the input unit widget. Contao 4.9.42, 4.13.28, and 5.1.10 have a patch for this issue. As a workaround, disable the login for all untrusted back end users. | ||||
CVE-2022-31455 | 1 Truedesk | 1 Truedesk | 2024-10-23 | 6.1 Medium |
* A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box. | ||||
CVE-2024-46482 | 1 Ladybirdweb | 1 Faveo Helpdesk | 2024-10-23 | 8.2 High |
An arbitrary file upload vulnerability in the Ticket Generation function of Ladybird Web Solution Faveo-Helpdesk v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .html or .svg file. | ||||
CVE-2024-25224 | 1 Code-projects | 1 Simple Admin Panel | 2024-10-23 | 5.4 Medium |
A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size Number parameter under the Add Size function. | ||||
CVE-2024-25225 | 1 Code-projects | 1 Simple Admin Panel | 2024-10-23 | 5.4 Medium |
A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function. | ||||
CVE-2024-25226 | 1 Code-projects | 1 Simple Admin Panel | 2024-10-23 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function. | ||||
CVE-2023-36918 | 1 Sap | 1 Enable Now | 2024-10-23 | 6.1 Medium |
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-Content-Type-Options response header is not implemented, allowing an unauthenticated attacker to trigger MIME type sniffing, which leads to Cross-Site Scripting, which could result in disclosure or modification of information. | ||||
CVE-2024-48049 | 1 Mightyplugins | 1 Mighty Builder | 2024-10-23 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mighty Plugins Mighty Builder allows Stored XSS.This issue affects Mighty Builder: from n/a through 1.0.2. | ||||
CVE-2024-49334 | 1 Unizoewebsolutions | 1 Jlayer Parallax Slider | 2024-10-23 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Unizoe Web Solutions jLayer Parallax Slider allows Reflected XSS.This issue affects jLayer Parallax Slider: from n/a through 1.0. | ||||
CVE-2024-49323 | 1 Sourav | 1 All In One Slider | 2024-10-23 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sourav All in One Slider allows Reflected XSS.This issue affects All in One Slider: from n/a through 1.1. | ||||
CVE-2024-49606 | 1 Dotsquares | 1 Google Map Locations | 2024-10-23 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dotsquares Google Map Locations allows Reflected XSS.This issue affects Google Map Locations: from n/a through 1.0. | ||||
CVE-2023-37623 | 1 Netdisco | 1 Netdisco | 2024-10-23 | 4.8 Medium |
Netdisco before v2.063000 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Web/TypeAhead.pm. | ||||
CVE-2023-37692 | 1 Octobercms | 1 October | 2024-10-23 | 5.4 Medium |
An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file. | ||||
CVE-2023-28013 | 1 Hcltech | 1 Verse | 2024-10-23 | 6.5 Medium |
HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. |