Total
35340 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9938 | 2024-11-18 | N/A | 6.1 MEDIUM | ||
| The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2020-3431 | 2024-11-18 | N/A | 6.1 MEDIUM | ||
| A vulnerability in the web-based management interface of Cisco Small Business RV042 Dual WAN VPN Routers and Cisco Small Business RV042G Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2023-43091 | 2024-11-18 | N/A | 9.8 CRITICAL | ||
| A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code. | |||||
| CVE-2024-11023 | 2024-11-18 | N/A | 5.3 MEDIUM | ||
| Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie to store configuration data, including an "_authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the "_authTokenSyncURL" to point to their own server and it would allow an actor to capture user session data transmitted by the SDK. We recommend upgrading Firebase JS SDK at least to 10.9.0. | |||||
| CVE-2024-8873 | 2024-11-18 | N/A | 6.1 MEDIUM | ||
| The PeproDev WooCommerce Receipt Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.6.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-9850 | 2024-11-18 | N/A | 6.4 MEDIUM | ||
| The SVG Case Study plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | |||||
| CVE-2024-10017 | 2024-11-18 | N/A | 6.4 MEDIUM | ||
| The PJW Mime Config plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | |||||
| CVE-2024-51664 | 1 Beds24 | 1 Online Booking | 2024-11-18 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: from n/a through 2.0.25. | |||||
| CVE-2024-51663 | 1 Bricksable | 1 Bricksable For Bricks Builder | 2024-11-18 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bricksable Bricksable for Bricks Builder allows Stored XSS.This issue affects Bricksable for Bricks Builder: from n/a through 1.6.59. | |||||
| CVE-2024-51668 | 1 Target-info | 1 Mycurator Content Curation | 2024-11-18 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mark Tilly MyCurator Content Curation allows Stored XSS.This issue affects MyCurator Content Curation: from n/a through 3.78. | |||||
| CVE-2024-51586 | 1 Camilluskillus | 1 Elementary Addons | 2024-11-18 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BRAFT Elementary Addons allows Stored XSS.This issue affects Elementary Addons: from n/a through 2.0.4. | |||||
| CVE-2024-51590 | 1 Hoosoft | 1 Hoo Addons For Elementor | 2024-11-18 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hoosoft Hoo Addons for Elementor allows DOM-Based XSS.This issue affects Hoo Addons for Elementor: from n/a through 1.0.6. | |||||
| CVE-2024-51598 | 1 Kendysond | 1 Selar.co Widget | 2024-11-18 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kendysond Selar.Co Widget allows DOM-Based XSS.This issue affects Selar.Co Widget: from n/a through 1.2. | |||||
| CVE-2024-45087 | 1 Ibm | 1 Websphere Application Server | 2024-11-18 | N/A | 4.8 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-45088 | 1 Ibm | 1 Maximo Asset Management | 2024-11-18 | N/A | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-10684 | 1 Kognetiks | 1 Kognetiks Chatbot | 2024-11-18 | N/A | 6.1 MEDIUM |
| The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-45099 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2024-11-16 | N/A | 4.8 MEDIUM |
| IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-9477 | 1 Airties | 2 Air4443, Air4443 Firmware | 2024-11-15 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS).This issue affects Air4443 Firmware: through 14102024. NOTE: The vendor was contacted and it was learned that the product classified as End-of-Life and End-of-Support. | |||||
| CVE-2024-36140 | 1 Siemens | 4 Ozw672, Ozw672 Firmware, Ozw772 and 1 more | 2024-11-15 | N/A | 5.4 MEDIUM |
| A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks. This could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges than the attacker. | |||||
| CVE-2024-11175 | 1 Publiccms | 1 Publiccms | 2024-11-15 | 4.0 MEDIUM | 4.8 MEDIUM |
| A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named b9530b9cc1f5cfdad4b637874f59029a6283a65c. It is recommended to apply a patch to fix this issue. | |||||