Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43320 | 2024-08-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through 3.9.
|
|||||
| CVE-2024-43263 | 2024-08-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Visual Composer Visual Composer Starter allows Stored XSS.This issue affects Visual Composer Starter: from n/a through 3.3.
|
|||||
| CVE-2024-43262 | 2024-08-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in webriti Busiprof allows Stored XSS.This issue affects Busiprof: from n/a through 2.4.8.
|
|||||
| CVE-2024-43306 | 2024-08-19 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP-Lister Lite for eBay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.6.0.
|
|||||
| CVE-2024-43244 | 2024-08-19 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS.This issue affects Houzez: from n/a through 3.2.4.
|
|||||
| CVE-2024-43246 | 2024-08-19 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in creativeon WHMpress allows Reflected XSS.This issue affects WHMpress: from n/a through 6.2-revision-5.
|
|||||
| CVE-2024-43351 | 2024-08-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Bravada bravada allows Stored XSS.This issue affects Bravada: from n/a through 1.1.2.
|
|||||
| CVE-2024-43352 | 2024-08-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Organic Themes GivingPress Lite allows Stored XSS.This issue affects GivingPress Lite: from n/a through 1.8.6.
|
|||||
| CVE-2024-43349 | 2024-08-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AREOI All Bootstrap Blocks allows Stored XSS.This issue affects All Bootstrap Blocks: from n/a through 1.3.19.
|
|||||
| CVE-2024-43241 | 2024-08-19 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in azzaroco Ultimate Membership Pro allows Reflected XSS.This issue affects Ultimate Membership Pro: from n/a through 12.6.
|
|||||
| CVE-2024-43353 | 2024-08-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in myCred allows Stored XSS.This issue affects myCred: from n/a through 2.7.2.
|
|||||
| CVE-2024-43284 | 2024-08-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Stored XSS.This issue affects WP Travel Gutenberg Blocks: from n/a through 3.5.1.
|
|||||
| CVE-2024-43279 | 2024-08-19 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.8.
|
|||||
| CVE-2024-43307 | 2024-08-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content allows Stored XSS.This issue affects Structured Content: from n/a through 1.6.2.
|
|||||
| CVE-2024-43278 | 2024-08-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Phi Phan Meta Field Block allows Stored XSS.This issue affects Meta Field Block: from n/a through 1.2.13.
|
|||||
| CVE-2024-39666 | 2024-08-19 | N/A | 5.9 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 9.1.2.
|
|||||
| CVE-2024-43294 | 2024-08-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BoldThemes Bold Timeline Lite allows Stored XSS.This issue affects Bold Timeline Lite: from n/a through 1.2.0.
|
|||||
| CVE-2024-43344 | 2024-08-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Icegram allows Stored XSS.This issue affects Icegram: from n/a through 3.1.25.
|
|||||
| CVE-2024-43267 | 2024-08-19 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Qamar Sheeraz, Nasir Ahmad, GenialSouls Mega Addons For Elementor allows Stored XSS.This issue affects Mega Addons For Elementor: from n/a through 1.9.
|
|||||
| CVE-2024-43347 | 2024-08-19 | N/A | 5.9 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VirusTran Button contact VR allows Stored XSS.This issue affects Button contact VR: from n/a through 4.7.3.
|
|||||
| CVE-2024-7709 | 2024-08-17 | 5.0 MEDIUM | 4.3 MEDIUM | ||
|
A vulnerability, which was classified as problematic, has been found in OcoMon 4.0RC1/4.0/5.0RC1. This issue affects some unknown processing of the file /includes/common/require_access_recovery.php of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.1 and 5.0 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2024-38108 | 1 Microsoft | 1 Azure Stack Hub | 2024-08-16 | N/A | 9.3 CRITICAL |
|
Azure Stack Hub Spoofing Vulnerability
|
|||||
| CVE-2024-38211 | 1 Microsoft | 1 Dynamics 365 | 2024-08-15 | N/A | 8.2 HIGH |
|
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
|
|||||
| CVE-2024-7343 | 1 Baidu | 1 Ueditor | 2024-08-15 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source[] leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273274 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respon ...
Show More |
|||||
| CVE-2024-7678 | 1 Oretnom23 | 1 Car Driving School Management System | 2024-08-15 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_package. The manipulation of the argument name/description/training_duration leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-7677 | 1 Oretnom23 | 1 Car Driving School Management System | 2024-08-15 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is the function update_settings_info of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument contact/address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-7657 | 1 Gilacms | 1 Gila Cms | 2024-08-15 | 4.0 MEDIUM | 5.4 MEDIUM |
|
A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/update_rows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-33993 | 1 Janobe | 1 School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in /candidate/index.php'.
|
|||||
| CVE-2024-33992 | 1 Janobe | 1 School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/student/index.php'.
|
|||||
| CVE-2024-33991 | 1 Janobe | 1 School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/eventwinner/index.php'.
|
|||||
| CVE-2024-33990 | 1 Janobe | 1 School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the 'id' and 'view' parameters in '/user/index.php'.
|
|||||
| CVE-2024-33989 | 1 Janobe | 1 School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the 'eventdate' and 'events' parameters in 'port/event_print.php'.
|
|||||
| CVE-2024-33985 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/course/index.php'.
|
|||||
| CVE-2024-33986 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/department/index.php'.
|
|||||
| CVE-2024-33987 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate', 'YearLevel', 'eventdate', 'events', 'Users' and 'YearLevel' parameters in '/report/index.php'.
|
|||||
| CVE-2024-33988 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/report/attendance_print.php'.
|
|||||
| CVE-2024-33984 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/AttendanceMonitoring/report/index.php'.
|
|||||
| CVE-2024-33983 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/AttendanceMonitoring/report/attendance_print.php'.
|
|||||
| CVE-2024-33982 | 1 Janobe | 2 School Attendence Monitoring System, School Event Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'StudentID' parameter in '/AttendanceMonitoring/student/controller.php'.
|
|||||
| CVE-2024-33978 | 1 Janobe | 1 Young Entrepreneur E-negosyo System | 2024-08-15 | N/A | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'category' parameter in '/index.php'.
|
|||||