Total
35194 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9214 | 2024-10-25 | N/A | 6.1 MEDIUM | ||
| The Extra Product Options Builder for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'RednaoSerializedFields' parameter during the creation of a signature file in all versions up to, and including, 1.2.133 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-44061 | 1 Wpfactory | 1 Eu\/uk Vat Manager For Woocommerce | 2024-10-25 | N/A | 6.1 MEDIUM |
| : Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPFactory EU/UK VAT Manager for WooCommerce allows Cross-Site Scripting (XSS).This issue affects EU/UK VAT Manager for WooCommerce: from n/a through 2.12.14. | |||||
| CVE-2024-48656 | 1 Angeljudesuarez | 1 Student Management System | 2024-10-24 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability in student management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. | |||||
| CVE-2024-49631 | 1 Mdabdulkader | 1 Easy Addons For Elementor | 2024-10-24 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Md Abdul Kader Easy Addons for Elementor allows Stored XSS.This issue affects Easy Addons for Elementor: from n/a through 1.3.0. | |||||
| CVE-2024-10286 | 1 Ujangrohidin | 1 Localserver | 2024-10-24 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /testmail/index.php, parameter to. | |||||
| CVE-2024-10289 | 1 Ujangrohidin | 1 Localserver | 2024-10-24 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ManageSubscription, parameter MSubListName. | |||||
| CVE-2024-10288 | 1 Ujangrohidin | 1 Localserver | 2024-10-24 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/SubscribeToList, parameter ListName. | |||||
| CVE-2024-10287 | 1 Ujangrohidin | 1 Localserver | 2024-10-24 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ForgotPassword, parameter ListName. | |||||
| CVE-2024-49630 | 1 Hasthemes | 1 Wp Education | 2024-10-23 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HT Plugins WP Education allows Stored XSS.This issue affects WP Education: from n/a through 1.2.8. | |||||
| CVE-2024-46482 | 2024-10-23 | N/A | 8.2 HIGH | ||
| An arbitrary file upload vulnerability in the Ticket Generation function of Ladybird Web Solution Faveo-Helpdesk v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .html or .svg file. | |||||
| CVE-2024-48049 | 1 Mightyplugins | 1 Mighty Builder | 2024-10-23 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mighty Plugins Mighty Builder allows Stored XSS.This issue affects Mighty Builder: from n/a through 1.0.2. | |||||
| CVE-2024-49334 | 1 Unizoewebsolutions | 1 Jlayer Parallax Slider | 2024-10-23 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Unizoe Web Solutions jLayer Parallax Slider allows Reflected XSS.This issue affects jLayer Parallax Slider: from n/a through 1.0. | |||||
| CVE-2024-49323 | 1 Sourav | 1 All In One Slider | 2024-10-23 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sourav All in One Slider allows Reflected XSS.This issue affects All in One Slider: from n/a through 1.1. | |||||
| CVE-2024-49606 | 1 Dotsquares | 1 Google Map Locations | 2024-10-23 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dotsquares Google Map Locations allows Reflected XSS.This issue affects Google Map Locations: from n/a through 1.0. | |||||
| CVE-2024-40088 | 2024-10-23 | N/A | 5.3 MEDIUM | ||
| A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request. | |||||
| CVE-2024-10197 | 1 Code-projects | 1 Pharmacy Management System | 2024-10-23 | 3.3 LOW | 4.8 MEDIUM |
| A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /manage_supplier.php of the component Manage Supplier Page. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2024-46237 | 1 Phpgurukul | 1 Hospital Management System | 2024-10-22 | N/A | 5.4 MEDIUM |
| PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php. | |||||
| CVE-2024-10142 | 1 Code-projects | 1 Blood Bank System | 2024-10-22 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /viewrequest.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9848 | 1 K2-service | 1 Product Customizer Light | 2024-10-22 | N/A | 5.4 MEDIUM |
| The Product Customizer Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | |||||
| CVE-2024-10055 | 1 Ninjateam | 1 Click To Chat | 2024-10-22 | N/A | 5.4 MEDIUM |
| The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||