Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10744 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/complex_header_2.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10745 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/deferred_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10746 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. This affects an unknown part of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data.php. The manipulation of the argument scripts leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10747 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_th.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10754 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dymanic_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10755 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. Affected is an unknown function of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/empty_table.php. The manipulation of the argument scripts leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10756 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/html_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10757 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Shopping Portal 2.0. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/js_data.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-47801 | 2 Sharp, Toshibatec | 640 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 637 more | 2024-11-05 | N/A | 6.1 MEDIUM |
|
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability.
Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser.
|
|||||
| CVE-2024-48870 | 2 Sharp, Toshibatec | 640 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 637 more | 2024-11-05 | N/A | 4.8 MEDIUM |
|
Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability.
If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users.
|
|||||
| CVE-2024-10342 | 1 Tezzeract | 1 League Of Legends Shortcodes | 2024-11-05 | N/A | 5.4 MEDIUM |
|
The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-10150 | 1 Bamazoo | 1 Button Generator | 2024-11-05 | N/A | 5.4 MEDIUM |
|
The Bamazoo – Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-9607 | 1 10web | 1 10web Social Post Feed | 2024-11-05 | N/A | 6.1 MEDIUM |
|
The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Please note this is only exploitable when the leave a review notice is present.
|
|||||
| CVE-2024-9585 | 1 Webcraftplugins | 1 Image Map Pro | 2024-11-05 | N/A | 5.4 MEDIUM |
|
The Image Map Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'save_project' function with an arbitrary shortcode in versions up to, and including, 6.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-10701 | 1 Phpgurukul | 1 Car Rental Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability was found in PHPGurukul Car Rental Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-50346 | 2024-11-05 | N/A | N/A | ||
|
WebFeed is a lightweight web feed reader extension for Firefox/Chrome. Multiple HTML injection vulnerabilities in WebFeed can lead to CSRF and UI spoofing attacks. A remote attacker can provide malicious RSS feeds and attract the victim user to visit it using WebFeed. The attacker can then inject malicious HTML into the extension page and fool the victim into sending out HTTP requests to arbitrary sites with the victim's credentials. Users are vulnerable to CSRF attacks when visiting malicious R ...
Show More |
|||||
| CVE-2024-10340 | 2024-11-05 | N/A | 6.4 MEDIUM | ||
|
The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'scu' shortcode in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-51498 | 2024-11-05 | N/A | N/A | ||
|
cobalt is a media downloader that doesn't piss you off. A malicious cobalt instance could serve links with the `javascript:` protocol, resulting in Cross-site Scripting (XSS) when the user tries to download an item from a picker. This issue has been present since commit `66bac03e`, was mitigated in commit `97977efa` (correctly configured web instances were no longer vulnerable) and fully fixed in commit `c4be1d3a` (included in release version 10.2.1). Users are advised to upgrade. Users unable t ...
Show More |
|||||
| CVE-2024-37844 | 1 Radixiot | 1 Mango | 2024-11-05 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
|||||
| CVE-2024-51432 | 2024-11-04 | N/A | 4.8 MEDIUM | ||
|
Cross Site Scripting vulnerability in FiberHome HG6544C RP2743 allows an attacker to execute arbitrary code via the SSID field in the WIFI Clients List not being sanitized
|
|||||
| CVE-2024-41930 | 2024-11-04 | N/A | 6.1 MEDIUM | ||
|
Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product.
|
|||||
| CVE-2024-48410 | 2024-11-04 | N/A | 6.1 MEDIUM | ||
|
Cross Site Scripting vulnerability in Camtrace v.9.16.2.1 allows a remote attacker to execute arbitrary code via the login.php.
|
|||||
| CVE-2024-44731 | 2024-11-04 | N/A | 4.7 MEDIUM | ||
|
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections.
|
|||||
| CVE-2024-9896 | 1 Spider-themes | 1 Bbp Core | 2024-11-04 | N/A | 6.1 MEDIUM |
|
The BBP Core – Expand bbPress powered forums with useful features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
|
|||||
| CVE-2024-9868 | 1 Bdthemes | 1 Element Pack | 2024-11-04 | N/A | 5.4 MEDIUM |
|
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate Widget 'url' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an i ...
Show More |
|||||
| CVE-2024-51076 | 1 Phpgurukul | 1 Online Dj Booking Management System | 2024-11-04 | N/A | 6.1 MEDIUM |
|
A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/booking-search.php in PHPGurukul Online DJ Booking Management System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter.
|
|||||
| CVE-2024-51075 | 1 Phpgurukul | 1 Online Dj Booking Management System | 2024-11-04 | N/A | 6.1 MEDIUM |
|
A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/user-search.php in PHPGurukul Online DJ Booking Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata parameter.
|
|||||
| CVE-2024-51181 | 1 Phpgurukul | 1 Ifsc Code Finder | 2024-11-04 | N/A | 6.1 MEDIUM |
|
A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/admin/profile.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via " searchifsccode" parameter.
|
|||||
| CVE-2024-51180 | 1 Phpgurukul | 1 Ifsc Code Finder | 2024-11-04 | N/A | 6.1 MEDIUM |
|
A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/index.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via the "searchifsccode" parameter.
|
|||||
| CVE-2024-8739 | 1 Wedevs | 1 Recaptcha Integration | 2024-11-04 | N/A | 6.1 MEDIUM |
|
The ReCaptcha Integration for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
|
|||||
| CVE-2024-10310 | 1 Bdthemes | 1 Element Pack | 2024-11-04 | N/A | 5.4 MEDIUM |
|
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Gallery Widget 'image_title' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user ...
Show More |
|||||
| CVE-2024-37879 | 2024-11-01 | N/A | 4.8 MEDIUM | ||
|
Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo".
|
|||||
| CVE-2024-51492 | 2024-11-01 | N/A | 8.8 HIGH | ||
|
Zusam is a free and open-source way to self-host private forums. Prior to version 0.5.6, specially crafted SVG files uploaded to the service as images allow for unrestricted script execution on (raw) image load. With certain payloads, theft of the target user’s long-lived session token is possible. Note that Zusam, at the time of writing, uses a user’s static API key as a long-lived session token, and these terms can be used interchangeably on the platform. This session token/API key remains val ...
Show More |
|||||
| CVE-2024-49659 | 1 Chartscss | 1 Coub | 2024-11-01 | N/A | 5.4 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rami Yushuvaev Coub allows Stored XSS.This issue affects Coub: from n/a through 1.4.
|
|||||
| CVE-2024-49654 | 1 Marianheddesheimer | 1 Extra Privacy For Elementor | 2024-11-01 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Marian Heddesheimer Extra Privacy for Elementor allows Reflected XSS.This issue affects Extra Privacy for Elementor: from n/a through 0.1.3.
|
|||||
| CVE-2024-49656 | 1 Abdullahirfan | 1 Documentpress | 2024-11-01 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Irfan DocumentPress allows Reflected XSS.This issue affects DocumentPress: from n/a through 2.1.
|
|||||
| CVE-2024-20300 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-01 | N/A | 5.4 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A succes ...
Show More |
|||||
| CVE-2024-6581 | 1 Lollms | 1 Lord Of Large Language Models | 2024-11-01 | N/A | 9.0 CRITICAL |
|
A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. Due to incomplete filtering in the sanitize_svg function, this can lead to cross-site scripting (XSS) vulnerabilities, which in turn pose a risk of remote code execution. The sanitize_svg function only removes script elements and 'on*' event attributes, but does not account for other potential vectors for XSS within SVG files. This vulnerability can be exploited ...
Show More |
|||||
| CVE-2024-49660 | 1 Campusexplorer | 1 Widget | 2024-11-01 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Campus Explorer Campus Explorer Widget allows Reflected XSS.This issue affects Campus Explorer Widget: from n/a through 1.4.
|
|||||
| CVE-2024-49661 | 1 Leenk | 1 Leenk.me | 2024-11-01 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lew Ayotte leenk.Me allows Reflected XSS.This issue affects leenk.Me: from n/a through 2.16.0.
|
|||||