Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-26077 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2024-26075 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2024-26074 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2024-26072 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that causes the vulnerable script to execute.
|
|||||
| CVE-2024-26071 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2024-26070 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2024-26068 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2024-26066 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2024-26060 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2024-26058 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link.
|
|||||
| CVE-2024-26057 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that triggers the malicious script.
|
|||||
| CVE-2024-26055 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the malicious script.
|
|||||
| CVE-2024-26054 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2024-26053 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the vulnerability.
|
|||||
| CVE-2024-26049 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2024-26039 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link or to submit a form that triggers the vulnerability.
|
|||||
| CVE-2024-26037 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a malicious form.
|
|||||
| CVE-2024-26036 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2024-26018 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
|
Cross-site scripting vulnerability exists in TvRock 0.9t8a. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider stop using TvRock 0.9t8a.
|
|||||
| CVE-2024-25936 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc., Lawrie Malen SoundCloud Shortcode allows Stored XSS.This issue affects SoundCloud Shortcode: from n/a through 4.0.1.
|
|||||
| CVE-2024-25926 | 2024-11-21 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IndiaNIC Widgets Controller allows Reflected XSS.This issue affects Widgets Controller: from n/a through 1.1.
|
|||||
| CVE-2024-25921 | 2024-11-21 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Concerted Action Action Network allows Reflected XSS.This issue affects Action Network: from n/a through 1.4.2.
|
|||||
| CVE-2024-25919 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.6.
|
|||||
| CVE-2024-25916 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joseph C Dolson My Calendar allows Stored XSS.This issue affects My Calendar: from n/a through 3.4.23.
|
|||||
| CVE-2024-25737 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
|
A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting (XSS) attacks by proxying arbitrary URLs via the proxy GET parameter.
|
|||||
| CVE-2024-25662 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
|
Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 and older are vulnerable to Cross-Site Scripting (XSS) for malicious URLs.
|
|||||
| CVE-2024-25639 | 1 Khoj | 1 Khoj | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize the AI model's response and user inputs. This can trigger Cross Site Scripting (XSS) via Prompt Injection from untrusted documents either indexed by the user on Khoj or read by Khoj from the internet when the user invokes the /online command. This vulnerability is fixed in 1.13.0.
|
|||||
| CVE-2024-25506 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
|
Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker before 4.0 allows a remote attacker to run arbitrary code via control of the pm_sys_sys cookie.
|
|||||
| CVE-2024-25503 | 2024-11-21 | N/A | 4.7 MEDIUM | ||
|
Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17.0.9 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the edit details parameter of the New Project function.
|
|||||
| CVE-2024-25327 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
|
Cross Site Scripting (XSS) vulnerability in Justice Systems FullCourt Enterprise v.8.2 allows a remote attacker to execute arbitrary code via the formatCaseNumber parameter of the Citation search function.
|
|||||
| CVE-2024-25297 | 1 Bludit | 1 Bludit | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php.
|
|||||
| CVE-2024-25208 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerabiity allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name parameter.
|
|||||
| CVE-2024-25122 | 1 Mhenrixon | 1 Sidekiq-unique-jobs | 2024-11-21 | N/A | 7.1 HIGH |
|
sidekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments to run. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs' "admin" web UI, allow a super-user attacker, or an unwitting, but authorized, victim, who has received a disguised / crafted link, to successfully execute malicious code, which could potentially steal cookies, session data, or local storage data from the app the side ...
Show More |
|||||
| CVE-2024-25109 | 1 Miraheze | 1 Managewiki | 2024-11-21 | N/A | 6.5 MEDIUM |
|
ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape escape interface messages on the `columns` and `help` keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the `(editinterface)` right. Users should apply the code changes in commits `886cc6b94`, `2ef0f50880`, and `6942e8b2c` to resolve this vulnerability. There are no known workarounds for this vulnerabi ...
Show More |
|||||
| CVE-2024-25107 | 1 Miraheze | 1 Wikidiscover | 2024-11-21 | N/A | 4.9 MEDIUM |
|
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the `Language::date` function is used when making the human-readable timestamp for inclusion on the wiki_creation column. This function uses interface messages to translate the names of months and days. It uses the `->text()` output mode, returning unescaped interface messages. Since the output is not escaped later, the unescaped interface message is included on the output, res ...
Show More |
|||||
| CVE-2024-25080 | 2024-11-21 | N/A | 4.7 MEDIUM | ||
|
WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attachment viewer.
|
|||||
| CVE-2024-24937 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.6 MEDIUM |
|
In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible
|
|||||
| CVE-2024-24933 | 1 Prasidhdamalla | 1 Honeypot For Wp Comment | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasidhda Malla Honeypot for WP Comment allows Reflected XSS.This issue affects Honeypot for WP Comment: from n/a through 2.2.3.
|
|||||
| CVE-2024-24932 | 1 Zixn | 1 Vk Poster Group | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Djo VK Poster Group allows Reflected XSS.This issue affects VK Poster Group: from n/a through 2.0.3.
|
|||||
| CVE-2024-24931 | 1 Swadeshswain | 1 Before After Image Slider | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS.This issue affects Before After Image Slider WP: from n/a through 2.2.
|
|||||