Total
35145 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8145 | 1 Classcms | 1 Classcms | 2024-09-18 | 3.3 LOW | 4.8 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in ClassCMS 4.8. Affected by this issue is some unknown functionality of the file /index.php/admin of the component Article Handler. The manipulation of the argument Title leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-4207 | 1 Gitlab | 1 Gitlab | 2024-09-18 | N/A | 5.4 MEDIUM |
| A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances. | |||||
| CVE-2024-43324 | 1 Cleversoft | 1 Clever Addons For Elementor | 2024-09-17 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CleverSoft Clever Addons for Elementor allows Stored XSS.This issue affects Clever Addons for Elementor: from n/a through 2.2.0. | |||||
| CVE-2024-43276 | 1 Orbisius | 1 Child Theme Creator | 2024-09-17 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Svetoslav Marinov (Slavi) Child Theme Creator allows Reflected XSS.This issue affects Child Theme Creator: from n/a through 1.5.4. | |||||
| CVE-2024-43329 | 1 Cpothemes | 1 Allegiant | 2024-09-17 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Chill Allegiant allegiant allows Stored XSS.This issue affects Allegiant: from n/a through 1.2.7. | |||||
| CVE-2024-43238 | 1 Getwemail | 1 Wemail | 2024-09-17 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs weMail allows Reflected XSS.This issue affects weMail: from n/a through 1.14.5. | |||||
| CVE-2024-8610 | 1 Mayurik | 1 Best House Rental Management System | 2024-09-17 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability classified as problematic has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /index.php?page=tenants of the component New Tenant Page. The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-40643 | 1 Joplin Project | 1 Joplin | 2024-09-17 | N/A | 9.6 CRITICAL |
| Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non letter character will not be considered html. As such it is possible to do an XSS by putting an "illegal" tag within a tag. | |||||
| CVE-2024-6920 | 1 Nac | 1 Nacpremium | 2024-09-17 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Stored XSS.This issue affects NACPremium: through 01082024. | |||||
| CVE-2024-39626 | 1 5starplugins | 1 Pretty Simple Popup Builder | 2024-09-17 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 5 Star Plugins Pretty Simple Popup Builder allows Stored XSS.This issue affects Pretty Simple Popup Builder: from n/a through 1.0.7. | |||||
| CVE-2024-8867 | 1 Perfexcrm | 1 Perfex Crm | 2024-09-17 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the argument message leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2024-45856 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI. | |||||
| CVE-2024-28100 | 1 Elabftw | 1 Elabftw | 2024-09-16 | N/A | 5.4 MEDIUM |
| eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a list of experiments. Viewing this allows the malicious script to act on behalf of the visitor in any way, including the creation of API keys for persistence, or other options normally available to the user. If the user viewing the page has the sysadmin role in eLabFTW, the script can act as a sysadmin (including system configuration and extensive user management roles). Users are advised to upgrade to at least version 5.0.0. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-43793 | 1 Halo | 1 Halo | 2024-09-16 | N/A | 6.4 MEDIUM |
| Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.19.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code, potentially leading to a Cross-Site Scripting (XSS) attack. This vulnerability is fixed in 2.19.0. | |||||
| CVE-2024-43792 | 1 Halo | 1 Halo | 2024-09-16 | N/A | 6.1 MEDIUM |
| Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.17.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code, potentially leading to a Cross-Site Scripting (XSS) attack. Users are advised to upgrade to version 2.17.0+. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-44798 | 1 Anujk305 | 1 Bus Pass Management System | 2024-09-16 | N/A | 4.8 MEDIUM |
| phpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site scripting (XSS) in /admin/pass-bwdates-reports-details.php via fromdate and todate parameters. | |||||
| CVE-2024-38640 | 1 Qnap | 1 Download Station | 2024-09-16 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Download Station 5.8.6.283 ( 2024/06/21 ) and later | |||||
| CVE-2024-32762 | 1 Qnap | 1 Qulog Center | 2024-09-13 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuLog Center 1.8.0.872 ( 2024/06/17 ) and later QuLog Center 1.7.0.827 ( 2024/06/17 ) and later | |||||
| CVE-2024-27125 | 1 Qnap | 1 Helpdesk | 2024-09-13 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following version: Helpdesk 3.3.1 and later | |||||
| CVE-2024-5624 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-09-13 | N/A | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session | |||||