Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-52419 | 1 Maheshwaghmare | 1 Copy Anything To Clipboard | 2024-11-20 | N/A | 5.4 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Clipboard Team Copy Anything to Clipboard allows Stored XSS.This issue affects Copy Anything to Clipboard: from n/a through 4.0.3.
|
|||||
| CVE-2024-51814 | 2024-11-20 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 野人 活动链接推广插件 allows DOM-Based XSS.This issue affects 活动链接推广插件: from n/a through 1.2.0.
|
|||||
| CVE-2024-52422 | 1 Terryl | 1 Wp Githuber Md | 2024-11-20 | N/A | 5.4 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Terry Lin WP Githuber MD allows Stored XSS.This issue affects WP Githuber MD: from n/a through 1.16.3.
|
|||||
| CVE-2024-11240 | 1 Ibphoenix | 1 Ibwebadmin | 2024-11-20 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /database.php of the component Banco de Dados Tab. The manipulation of the argument db_login_role leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-49754 | 1 Librenms | 1 Librenms | 2024-11-20 | N/A | 5.4 MEDIUM |
|
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the "token" parameter when creating a new API token. This vulnerability can result in the execution of malicious code in the context of other users' sessions, compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0.
|
|||||
| CVE-2024-39610 | 1 Cleancoder | 1 Fitnesse | 2024-11-20 | N/A | 6.1 MEDIUM |
|
Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product.
|
|||||
| CVE-2024-9356 | 1 Yotpo | 1 Yotpo | 2024-11-20 | N/A | 6.1 MEDIUM |
|
The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpo_user_email' and 'yotpo_user_name' parameters in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
|
|||||
| CVE-2024-10825 | 1 Wpplugins | 1 Hide My Wp Ghost | 2024-11-20 | N/A | 6.1 MEDIUM |
|
The Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link.
|
|||||
| CVE-2024-52423 | 1 Themify | 1 Builder | 2024-11-20 | N/A | 5.4 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Builder allows Stored XSS.This issue affects Themify Builder: from n/a through 7.6.3.
|
|||||
| CVE-2024-52425 | 1 Urchenko | 1 Drozd | 2024-11-20 | N/A | 5.4 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Urchenko Drozd – Addons for Elementor allows Stored XSS.This issue affects Drozd – Addons for Elementor: from n/a through 1.1.1.
|
|||||
| CVE-2024-52426 | 1 Linear | 1 Linear | 2024-11-20 | N/A | 5.4 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Linear Oy Linear linear allows DOM-Based XSS.This issue affects Linear: from n/a through 2.7.11.
|
|||||
| CVE-2024-51497 | 1 Librenms | 1 Librenms | 2024-11-20 | N/A | 5.4 MEDIUM |
|
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0.
|
|||||
| CVE-2024-51495 | 1 Librenms | 1 Librenms | 2024-11-20 | N/A | 5.4 MEDIUM |
|
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "overwrite_ip" parameter when editing a device. This vulnerability results in the execution of malicious code when the device overview page is visited, potentially compromising the accounts of other users. This vulnerability is fixed in 24.10.0.
|
|||||
| CVE-2024-51494 | 1 Librenms | 1 Librenms | 2024-11-20 | N/A | 5.4 MEDIUM |
|
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when editing a device's port settings. This vulnerability can lead to the execution of malicious code when the "Port Settings" page is visited, potentially compromising the user's session and allowing unauthorized actions. This vulnerability is fixed in 24.1 ...
Show More |
|||||
| CVE-2024-49758 | 1 Librenms | 1 Librenms | 2024-11-20 | N/A | 4.8 MEDIUM |
|
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can add Notes to a device, the application did not properly sanitize the user input, when the ExamplePlugin enable, if java script code is inside the device's Notes, its will be trigger. This vulnerability is fixed in 24.10.0.
|
|||||
| CVE-2024-49759 | 1 Librenms | 1 Librenms | 2024-11-20 | N/A | 5.4 MEDIUM |
|
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Manage User Access" page allows authenticated users to inject arbitrary JavaScript through the "bill_name" parameter when creating a new bill. This vulnerability can lead to the execution of malicious code when visiting the "Bill Access" dropdown in the user's "Manage Access" page, potentially compromising user sessions and allowing unauthorized actions. This vuln ...
Show More |
|||||
| CVE-2024-49764 | 1 Librenms | 1 Librenms | 2024-11-20 | N/A | 5.4 MEDIUM |
|
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" parameter when creating a new device. This vulnerability results in the execution of malicious code when the "Capture Debug Information" page is visited, redirecting the user and sending non-httponly cookies to an attacker-controlled domain. This vulner ...
Show More |
|||||
| CVE-2024-50350 | 1 Librenms | 1 Librenms | 2024-11-20 | N/A | 5.4 MEDIUM |
|
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating a new Port Group. This vulnerability results in the execution of malicious code when the "Port Settings" page is visited after the affected Port Group is added to a device, potentially compromising user sessions and allowing unauthorized actions ...
Show More |
|||||
| CVE-2024-50355 | 1 Librenms | 1 Librenms | 2024-11-20 | N/A | 4.8 MEDIUM |
|
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can edit the Display Name of a device, the application did not properly sanitize the user input in the device Display Name, if java script code is inside the name of the device Display Name, its can be trigger from different sources. This vulnerability is fixed in 24.10.0.
|
|||||
| CVE-2024-52526 | 1 Librenms | 1 Librenms | 2024-11-20 | N/A | 5.4 MEDIUM |
|
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions. This vulnerability is fixed ...
Show More |
|||||
| CVE-2024-50352 | 1 Librenms | 1 Librenms | 2024-11-20 | N/A | 5.4 MEDIUM |
|
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" section of the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions. This vulnerabil ...
Show More |
|||||
| CVE-2024-20538 | 1 Cisco | 1 Identity Services Engine | 2024-11-20 | N/A | 6.1 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.
This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface on an affected system to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script ...
Show More |
|||||
| CVE-2024-11246 | 1 Anisha | 1 Farmacia | 2024-11-20 | 4.0 MEDIUM | 5.4 MEDIUM |
|
A vulnerability, which was classified as problematic, was found in code-projects Farmacia 1.0. Affected is an unknown function of the file /adicionar-cliente.php. The manipulation of the argument nome/cpf/dataNascimento leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter "nome" to be affected. But further inspection indicates that other parameters might be ...
Show More |
|||||
| CVE-2024-50532 | 2024-11-19 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jerin K Alexander Events Manager Pro – extended allows Reflected XSS.This issue affects Events Manager Pro – extended: from n/a through 0.1.
|
|||||
| CVE-2024-50545 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Auburnforest DataMentor allows DOM-Based XSS.This issue affects DataMentor: from n/a through 1.7.
|
|||||
| CVE-2024-11198 | 2024-11-19 | N/A | 6.4 MEDIUM | ||
|
The GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘extra_class’ parameter in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-52349 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Md. Shiddikur Rahman Awesome Tool Tip allows DOM-Based XSS.This issue affects Awesome Tool Tip: from n/a through 1.0.
|
|||||
| CVE-2024-50546 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Print Reach, Inc. MyOrderDesk allows DOM-Based XSS.This issue affects MyOrderDesk: from n/a through 3.2.6.
|
|||||
| CVE-2024-51798 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Surbma Surbma | Font Awesome allows DOM-Based XSS.This issue affects Surbma | Font Awesome: from n/a through 3.0.
|
|||||
| CVE-2024-51833 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noman Akhtar Easy Social Sharebar allows Stored XSS.This issue affects Easy Social Sharebar: from n/a through 1.0.0.
|
|||||
| CVE-2024-51803 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnetic Creative Inline Click To Tweet allows DOM-Based XSS.This issue affects Inline Click To Tweet: from n/a through 1.0.0.
|
|||||
| CVE-2024-9830 | 2024-11-19 | N/A | 6.1 MEDIUM | ||
|
The Bard theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.216. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
|
|||||
| CVE-2024-51809 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in George Rood Keymaster Chord Notation Free allows Stored XSS.This issue affects Keymaster Chord Notation Free: from n/a through 1.0.2.
|
|||||
| CVE-2024-52418 | 2024-11-19 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CactusThemes Gameplan allows Reflected XSS.This issue affects Gameplan: from n/a through 1.5.10.
|
|||||
| CVE-2024-50553 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Classy Addons Classy Addons for Elementor allows DOM-Based XSS.This issue affects Classy Addons for Elementor: from n/a through 1.2.7.
|
|||||
| CVE-2024-51053 | 2024-11-19 | N/A | 9.8 CRITICAL | ||
|
An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0 allows attackers to execute arbitrary code via uploading a crafted file.
|
|||||
| CVE-2024-50542 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zach Silberstein RLM Elementor Widgets Pack allows DOM-Based XSS.This issue affects RLM Elementor Widgets Pack: from n/a through 1.3.1.
|
|||||
| CVE-2024-33231 | 2024-11-19 | N/A | 5.4 MEDIUM | ||
|
Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component.
|
|||||
| CVE-2024-51795 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ByteLabX Pdf Embedder Fay allows DOM-Based XSS.This issue affects Pdf Embedder Fay: from n/a through 1.10.1.
|
|||||
| CVE-2024-51828 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel J Griffiths Beacon For Help Scout allows DOM-Based XSS.This issue affects Beacon For Help Scout: from n/a through 1.3.0.
|
|||||