Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0664 | 1 Mekshq | 1 Meks Smart Social Widget | 2024-11-21 | N/A | 4.4 MEDIUM |
|
The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_htm ...
|
| CVE-2024-0657 | 1 Internallinkjuicer | 1 Internal Link Juicer | 2024-11-21 | N/A | 4.4 MEDIUM |
|
The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'ilj_settings_field_links_per_page' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects mult ...
|
| CVE-2024-0652 | 1 Phpgurukul | 1 Company Visitor Management System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file search-visitor.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251378 is the identifier assigned to this vulnerability.
|
| CVE-2024-0647 | 1 Sparksuite | 1 Simplemde | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, was found in Sparksuite SimpleMDE up to 1.11.2. This affects an unknown part of the component iFrame Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251373 was assigned to this vulnerability.
|
| CVE-2024-0630 | 1 Wprssaggregator | 1 Wp Rss Aggregator | 2024-11-21 | N/A | 4.4 MEDIUM |
|
The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disa ...
|
| CVE-2024-0618 | 1 Fluentforms | 1 Contact Form | 2024-11-21 | N/A | 4.4 MEDIUM |
|
The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-si ...
|
| CVE-2024-0612 | 1 Contentviewspro | 1 Content Views | 2024-11-21 | N/A | 4.4 MEDIUM |
|
The Content Views – Post Grid, Slider, Accordion (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-sit ...
|
| CVE-2024-0599 | 1 Ujcms | 1 Jspxcms | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in Jspxcms 10.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file src\main\java\com\jspxcms\core\web\back\InfoController.java of the component Document Management Page. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250837 was assigned to this vulnerability.
|
| CVE-2024-0597 | 1 Squirrly | 1 Seo Plugin By Squirrly Seo | 2024-11-21 | N/A | 4.4 MEDIUM |
|
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_ ...
|
| CVE-2024-0587 | 1 Ampforwp | 1 Accelerated Mobile Pages | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'disqus_name' parameter in all versions up to, and including, 1.0.92.1 due to insufficient input sanitization and output escaping on the executed JS file. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
|
| CVE-2024-0586 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2024-11-21 | N/A | 6.5 MEDIUM |
|
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the custom login URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user acce ...
|
| CVE-2024-0585 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2024-11-21 | N/A | 5.4 MEDIUM |
|
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user ...
|
| CVE-2024-0557 | 1 Dedebiz | 1 Dedebiz | 2024-11-21 | 3.3 LOW | 2.4 LOW |
|
A vulnerability, which was classified as problematic, was found in DedeBIZ 6.3.0. This affects an unknown part of the component Website Copyright Setting. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250725 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
| CVE-2024-0554 | 1 Xantech | 2 Wic1200, Wic1200 Firmware | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via '/setup/diags_ir_learn.asp', allowing the attacker to retrieve the session details of another user.
|
| CVE-2024-0509 | 1 Hwk | 1 Wp 404 Auto Redirect To Similar Post | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘request’ parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
|
| CVE-2024-0508 | 1 Themeisle | 1 Orbit Fox | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
| CVE-2024-0503 | 1 Sherlock | 1 Online Fir System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in code-projects Online FIR System 1.0. It has been classified as problematic. This affects an unknown part of the file registercomplaint.php. The manipulation of the argument Name/Address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250611.
|
| CVE-2024-0501 | 1 Oretnom23 | 1 House Rental Management System | 2024-11-21 | 3.3 LOW | 2.4 LOW |
|
A vulnerability has been found in SourceCodester House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Manage Invoice Details. The manipulation of the argument Invoice leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250609 was assigned to this vulnerability.
|
| CVE-2024-0500 | 1 Oretnom23 | 1 House Rental Management System | 2024-11-21 | 3.3 LOW | 2.4 LOW |
|
A vulnerability, which was classified as problematic, was found in SourceCodester House Rental Management System 1.0. Affected is an unknown function of the component Manage Tenant Details. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250608.
|
| CVE-2024-0499 | 1 Oretnom23 | 1 House Rental Management System | 2024-11-21 | 3.3 LOW | 2.4 LOW |
|
A vulnerability, which was classified as problematic, has been found in SourceCodester House Rental Management System 1.0. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250607.
|
| CVE-2024-0476 | 1 Phpgurukul | 1 Blood Bank & Donor Management System | 2024-11-21 | 3.3 LOW | 2.4 LOW |
|
A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0. This affects an unknown part of the file request-received-bydonar.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250581 was assigned to this vulnerability.
|
| CVE-2024-0467 | 1 Carmelogarcia | 1 Employee Profile Management System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_position_query.php. The manipulation of the argument pos_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250572.
|
| CVE-2024-0448 | 1 Livemesh | 1 Elementor Addons | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
| CVE-2024-0424 | 1 Codeastro | 1 Simple Banking System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. This affects an unknown part of the file createuser.php of the component Create a User Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250443.
|
| CVE-2024-0423 | 1 Codeastro | 1 Online Food Ordering System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file dishes.php. The manipulation of the argument res_id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250442 is the identifier assigned to this vulnerability.
|
| CVE-2024-0422 | 1 Codeastro | 1 Pos And Inventory Management System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /new_item of the component New Item Creation Page. The manipulation of the argument new_item leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250441 was assigned to this vulnerability.
|
| CVE-2024-0420 | 1 Mappresspro | 1 Mappress Maps For Wordpress | 2024-11-21 | N/A | 5.4 MEDIUM |
|
The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks.
|
| CVE-2024-0384 | 1 Bootstrapped | 1 Wp Recipe Maker | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
| CVE-2024-0382 | 1 Bootstrapped | 1 Wp Recipe Maker | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to unrestricted use of the 'header_tag' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
| CVE-2024-0346 | 1 Vehicle Booking System Project | 1 Vehicle Booking System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability has been found in CodeAstro Vehicle Booking System 1.0 and classified as problematic. This vulnerability affects unknown code of the file usr/user-give-feedback.php of the component Feedback Page. The manipulation of the argument My Testemonial leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250114 is the identifier assigned to this vulnerability.
|
| CVE-2024-0345 | 1 Vehicle Booking System Project | 1 Vehicle Booking System | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, was found in CodeAstro Vehicle Booking System 1.0. This affects an unknown part of the file usr/usr-register.php of the component User Registration. The manipulation of the argument Full_Name/Last_Name/Address with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250113 was assigned t ...
|
| CVE-2024-0343 | 1 Simple House Rental System Project | 1 Simple House Rental System | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic was found in CodeAstro Simple House Rental System 5.6. Affected by this vulnerability is an unknown functionality of the component Login Panel. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250111.
|
| CVE-2024-0320 | 1 Fireeye | 1 Malware Analysis | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user.
|
| CVE-2024-0318 | 1 Fireeye | 1 Hxtool | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded.
|
| CVE-2024-0317 | 1 Fireeye | 6 Ex 3500, Ex 3500 Firmware, Ex 5500 and 3 more | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details.
|
| CVE-2024-0314 | 1 Fireeye | 1 Central Management | 2024-11-21 | N/A | 5.4 MEDIUM |
|
XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to a session hijacking.
|
| CVE-2024-0310 | 2 Microsoft, Trellix | 2 Windows, Endpoint Security Web Control | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy configuration.
|
| CVE-2024-0286 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file index.php#contact_us of the component Contact Form. The manipulation of the argument Name/Email/Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249843.
|
| CVE-2024-0284 | 1 Kashipara | 1 Food Management System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as problematic. This issue affects some unknown processing of the file party_submit.php. The manipulation of the argument party_address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249839.
|
| CVE-2024-0283 | 1 Kashipara | 1 Food Management System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file party_details.php. The manipulation of the argument party_name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249838 is the identifier assigned to this vulnerability.
|