Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37350 | 1 Absolute | 1 Secure Access | 2024-11-21 | N/A | 6.5 MEDIUM |
|
There is a cross-site scripting vulnerability in the policy
management UI of Absolute Secure Access prior to version 13.06. Attackers can
interfere with a system administrator’s use of the policy management UI when
the attacker convinces the victim administrator to follow a crafted link to the
vulnerable component while the attacking administrator is authenticated to the
console. The scope is unchanged, there is no loss of confidentiality. Impact to
system integrity is high, impact to system ava ...
Show More |
|||||
| CVE-2024-37349 | 1 Absolute | 1 Secure Access | 2024-11-21 | N/A | 4.5 MEDIUM |
|
There is a cross-site scripting vulnerability in the
management UI of Absolute Secure Access prior to version 13.06. Attackers with
system administrator permissions can interfere with other system
administrator’s use of the management UI when the victim administrator edits
the same management object. This vulnerability is distinct from CVE-2024-37348 and
CVE-2024-37351. The scope is unchanged, there is no loss of confidentiality. Impact
to system integrity is high, impact to system availability ...
Show More |
|||||
| CVE-2024-37348 | 1 Absolute | 1 Secure Access | 2024-11-21 | N/A | 4.5 MEDIUM |
|
There is a cross-site
scripting vulnerability in the management UI of Absolute Secure Access prior to
version 13.06. Attackers with system administrator permissions can interfere
with another system administrator’s use of the management UI when the second
administrator later edits the same management object. This vulnerability is
distinct from CVE-2024-37349 and CVE-2024-37351. The scope is unchanged,
there is no loss of confidentiality. Impact to system integrity is high, impact
to system avai ...
Show More |
|||||
| CVE-2024-37347 | 1 Absolute | 1 Secure Access | 2024-11-21 | N/A | 4.5 MEDIUM |
|
There is a cross-site scripting vulnerability in the pool
configuration component of the management UI of Absolute Secure Access prior to
13.06. Attackers with system administrator permissions can pass a limited
length script to be run by another administrator. The scope is unchanged, there
is no loss of confidentiality. Impact to system integrity is high, impact to
system availability is none.
|
|||||
| CVE-2024-37345 | 1 Absolute | 1 Secure Access | 2024-11-21 | N/A | 5.3 MEDIUM |
|
There is a cross-site scripting vulnerability in the Secure
Access administrative UI of Absolute Secure Access prior to version 13.06.
Attackers can pass a limited-length script to the administrative UI which is
then stored where an administrator can access it. The scope is unchanged, there
is no loss of confidentiality. Impact to system availability is none, impact to
system integrity is high
|
|||||
| CVE-2024-37344 | 1 Absolute | 1 Secure Access | 2024-11-21 | N/A | 4.5 MEDIUM |
|
There is a cross-site scripting vulnerability in the Policy
management UI of Absolute Secure Access prior to version 13.06. Attackers with
system administrator permissions can interfere with another system
administrator’s use of the policy management UI when the administrators are
editing the same policy object. The scope is unchanged, there is no loss of
confidentiality. Impact to system availability is none, impact to system
integrity is high.
|
|||||
| CVE-2024-37343 | 1 Absolute | 1 Secure Access | 2024-11-21 | N/A | 4.8 MEDIUM |
|
There is a cross-site scripting vulnerability in the Secure
Access administrative console of Absolute Secure Access prior to version 13.06.
Attackers with valid tunnel credentials can pass a limited-length script to the
administrative console which is then temporarily stored where an administrator
using a non-default configuration could click on it while the attacker has a
valid tunnel session with the server. The scope is unchanged, there is no loss
of confidentiality. Impact to system availabi ...
Show More |
|||||
| CVE-2024-37297 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | N/A | 5.4 MEDIUM |
|
WooCommerce is an open-source e-commerce platform built on WordPress. A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be sent to victims for malicious purposes. The injected JavaScript could hijack content & data stored in the browser, including the session. The URL content is read through the `Sourcebuster.js` library and ...
Show More |
|||||
| CVE-2024-37278 | 1 Brainstormforce | 1 Cards For Beaver Builder | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pratik Chaskar Cards for Beaver Builder.This issue affects Cards for Beaver Builder: from n/a through 1.1.4.
|
|||||
| CVE-2024-37275 | 1 Nextscripts | 1 Social Networks Auto Poster | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NextScripts allows Reflected XSS.This issue affects NextScripts: from n/a through 4.4.6.
|
|||||
| CVE-2024-37271 | 1 Print My Blog Project | 1 Print My Blog | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Nelson Print My Blog allows Stored XSS.This issue affects Print My Blog: from n/a through 3.27.0.
|
|||||
| CVE-2024-37267 | 1 Kaptinlin | 1 Striking | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in kaptinlin Striking allows Reflected XSS.This issue affects Striking: from n/a through 2.3.4.
|
|||||
| CVE-2024-37265 | 1 Northernbeacheswebsites | 1 Ideapush | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson IdeaPush allows Stored XSS.This issue affects IdeaPush: from n/a through 8.60.
|
|||||
| CVE-2024-37264 | 1 Groundhogg | 1 Groundhogg | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Groundhogg Inc. Groundhogg allows Reflected XSS.This issue affects Groundhogg: from n/a through 3.4.2.3.
|
|||||
| CVE-2024-37263 | 1 Themelooks | 1 Enter Addons | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeLooks Enter Addons enteraddons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.6.
|
|||||
| CVE-2024-37261 | 1 Wplab | 1 Wp-lister Lite For Amazon | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon allows Reflected XSS.This issue affects WP-Lister Lite for Amazon: from n/a through 2.6.16.
|
|||||
| CVE-2024-37259 | 1 Wpextended | 1 Wp Extended | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through 2.4.7.
|
|||||
| CVE-2024-37258 | 1 Wpsocialrocket | 1 Social Rocket | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Social Rocket allows Reflected XSS.This issue affects Social Rocket: from n/a through 1.3.3.
|
|||||
| CVE-2024-37257 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3.3.
|
|||||
| CVE-2024-37248 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Anima allows Stored XSS.This issue affects Anima: from n/a through 1.4.1.
|
|||||
| CVE-2024-37247 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in twinpictures, baden03 jQuery T(-) Countdown Widget allows Stored XSS.This issue affects jQuery T(-) Countdown Widget: from n/a through 2.3.25.
|
|||||
| CVE-2024-37246 | 1 Gallery Slideshow Project | 1 Gallery Slideshow | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jethin Gallery Slideshow allows Stored XSS.This issue affects Gallery Slideshow: from n/a through 1.4.1.
|
|||||
| CVE-2024-37245 | 1 Vsourz | 1 All In One Redirection | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vsourz Digital All In One Redirection allows Reflected XSS.This issue affects All In One Redirection: from n/a through 2.2.0.
|
|||||
| CVE-2024-37244 | 1 Ninjabeaveraddon | 1 Ninja Beaver Add-ons For Beaver Builder | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ninja Team Ninja Beaver Add-ons for Beaver Builder allows Stored XSS.This issue affects Ninja Beaver Add-ons for Beaver Builder: from n/a through 2.4.5.
|
|||||
| CVE-2024-37239 | 1 Wpmudev | 1 Branda | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Branda allows Stored XSS.This issue affects Branda: from n/a through 3.4.17.
|
|||||
| CVE-2024-37229 | 1 Auburnforest | 1 Blogmentor | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AuburnForest Blogmentor – Blog Layouts for Elementor allows Stored XSS.This issue affects Blogmentor – Blog Layouts for Elementor: from n/a through 1.5.
|
|||||
| CVE-2024-37223 | 1 Nicdarkthemes | 1 Restaurant Food | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nicdark Restaurant Reservations allows Stored XSS.This issue affects Restaurant Reservations: from n/a through 2.0.
|
|||||
| CVE-2024-37221 | 1 Kimili | 1 Kimili Flash Embed | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Bester Kimili Flash Embed allows Stored XSS.This issue affects Kimili Flash Embed: from n/a through 2.5.3.
|
|||||
| CVE-2024-37219 | 1 Pagebuildersandwich | 1 Page Builder Sandwich | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PBN Hosting SL Page Builder Sandwich – Front-End Page Builder allows Stored XSS.This issue affects Page Builder Sandwich – Front-End Page Builder: from n/a through 5.1.0.
|
|||||
| CVE-2024-37217 | 1 Prowcplugins | 1 Empty Cart Button For Woocommerce | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ProWCPlugins Empty Cart Button for WooCommerce allows Stored XSS.This issue affects Empty Cart Button for WooCommerce: from n/a through 1.3.8.
|
|||||
| CVE-2024-37216 | 1 Generatewp | 1 Sketchfab Embed | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rami Yushuvaev Sketchfab Embed allows Stored XSS.This issue affects Sketchfab Embed: from n/a through 1.5.
|
|||||
| CVE-2024-37215 | 1 Creativeinteractivemedia | 1 Transition Slider | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in creativeinteractivemedia Transition Slider – Responsive Image Slider and Gallery allows Stored XSS.This issue affects Transition Slider – Responsive Image Slider and Gallery: from n/a through 2.20.3.
|
|||||
| CVE-2024-37211 | 1 Ali2woo | 1 Aliexpress Dropshipping With Alinext | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5.
|
|||||
| CVE-2024-37206 | 1 Theme4press | 1 Demo Awesome | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme4Press Demo Awesome allows Reflected XSS.This issue affects Demo Awesome: from n/a through 1.0.1.
|
|||||
| CVE-2024-37199 | 1 Kriesi | 1 Enfold | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kriesi.At Enfold allows Reflected XSS.This issue affects Enfold: from n/a through 5.6.9.
|
|||||
| CVE-2024-37178 | 2024-11-21 | N/A | 5.0 MEDIUM | ||
|
SAP Financial Consolidation does not
sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting
(XSS) vulnerability. These endpoints are exposed over the network. The
vulnerability can exploit resources beyond the vulnerable component. On
successful exploitation, an attacker can cause limited impact to
confidentiality of the application.
|
|||||
| CVE-2024-37177 | 2024-11-21 | N/A | 8.1 HIGH | ||
|
SAP Financial Consolidation allows data to enter
a Web application through an untrusted source. These endpoints are exposed over
the network and it allows the user to modify the content from the web site. On
successful exploitation, an attacker can cause significant impact to
confidentiality and integrity of the application.
|
|||||
| CVE-2024-37174 | 1 Sap | 2 Customer Relationship Management S4fnd, Customer Relationship Management Webclient Ui | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Custom CSS support option in SAP CRM WebClient
UI does not sufficiently encode user-controlled inputs resulting in Cross-Site
Scripting vulnerability. On successful exploitation an attacker can cause
limited impact on confidentiality and integrity of the application.
|
|||||
| CVE-2024-37173 | 1 Sap | 2 Customer Relationship Management S4fnd, Customer Relationship Management Webclient Ui | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Due to insufficient input validation, SAP
CRM WebClient UI allows an unauthenticated attacker to craft a URL link which
embeds a malicious script. When a victim clicks on this link, the script will
be executed in the victim's browser giving the attacker the ability to access
and/or modify information with no effect on availability of the application.
|
|||||
| CVE-2024-37166 | 2024-11-21 | N/A | 8.9 HIGH | ||
|
ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated documentation to clarify that while ghtml escapes characters with special meaning in HTML, it does not provide comprehensive protection against all types of XSS attacks in every scenario. This aligns wi ...
Show More |
|||||