Total
35118 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40500 | 1 Scilico | 1 I-librarian | 2024-08-21 | N/A | 8.6 HIGH |
| Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component. | |||||
| CVE-2024-35540 | 1 Typecho | 1 Typecho | 2024-08-21 | N/A | 9.0 CRITICAL |
| A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2024-6378 | 1 3ds | 1 3dexperience | 2024-08-21 | N/A | 5.4 MEDIUM |
| A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
| CVE-2024-7945 | 1 Adonesevangelista | 1 Laravel Property Management System | 2024-08-21 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in itsourcecode Laravel Property Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/notes/create of the component Notes Page. The manipulation of the argument Note text leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7929 | 1 Oretnom23 | 1 Simple Forum Website | 2024-08-21 | 5.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Simple Forum Website 1.0. This affects an unknown part of the file /registration.php of the component Signup Page. The manipulation of the argument username leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-42335 | 1 7-twenty | 1 Bot | 2024-08-21 | N/A | 5.4 MEDIUM |
| 7Twenty - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2024-43408 | 2024-08-21 | N/A | 6.3 MEDIUM | ||
| Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7. | |||||
| CVE-2024-8022 | 2024-08-21 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been rated as problematic. This issue affects some unknown processing of the file /vood/cgi-bin/vood_view.cgi?lang=EN&act=user/spec_conf&sessionId=86213915328111654515&user=A&message2user=Account%20updated. The manipulation of the argument Phone Number leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-6767 | 2024-08-21 | N/A | 5.5 MEDIUM | ||
| The WordSurvey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sounding_title’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
| CVE-2024-7090 | 2024-08-21 | N/A | 6.1 MEDIUM | ||
| The LH Add Media From Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘lh_add_media_from_url-file_url’ parameter in all versions up to, and including, 1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-7134 | 2024-08-21 | N/A | 7.2 HIGH | ||
| The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘form_data’ parameter in all versions up to, and including, 3.3.78 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-23729 | 1 Heytap | 1 Internet Browser | 2024-08-20 | N/A | 6.1 MEDIUM |
| The ColorOS Internet Browser com.heytap.browser application 45.10.3.4.1 for Android allows a remote attacker to execute arbitrary JavaScript code via the com.android.browser.RealBrowserActivity component. | |||||
| CVE-2024-7901 | 1 Scada-lts | 1 Scada-lts | 2024-08-20 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability has been found in Scada-LTS 2.7.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/app.shtm#/alarms/Scada of the component Message Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: A fix is planned for the upcoming release at the end of September 2024. | |||||
| CVE-2024-7900 | 1 Tpmecms | 1 Tpmecms | 2024-08-20 | 3.3 LOW | 4.8 MEDIUM |
| A vulnerability, which was classified as problematic, was found in xiaohe4966 TpMeCMS 1.3.3.2. Affected is an unknown function of the file /h.php/general/config?ref=addtabs of the component Basic Configuration Handler. The manipulation of the argument Site Name/Beian/Contact address/copyright/technical support leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-42560 | 2024-08-20 | N/A | 6.1 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability in the component update_page_details.php of Blood Bank And Donation Management System commit dc9e039 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Details parameter. | |||||
| CVE-2024-43400 | 1 Xwiki | 1 Xwiki | 2024-08-20 | N/A | 5.4 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineer to trick a user to follow the URL. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. | |||||
| CVE-2024-7453 | 1 Fastadmin | 1 Fastadmin | 2024-08-20 | 3.3 LOW | 4.8 MEDIUM |
| A vulnerability was found in FastAdmin 1.5.0.20240328. It has been declared as problematic. This vulnerability affects unknown code of the file /[admins_url].php/general/attachment/edit/ids/4?dialog=1 of the component Attachment Management Section. The manipulation of the argument row[url]/row[imagewidth]/row[imageheight] leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273544. | |||||
| CVE-2024-27728 | 2024-08-20 | N/A | 6.1 MEDIUM | ||
| Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature. | |||||
| CVE-2024-7686 | 1 Mayurik | 1 Advocate Office Management System | 2024-08-20 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This affects an unknown part of the file register_case.php. The manipulation of the argument title/description/opposite_lawyer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7685 | 1 Mayurik | 1 Advocate Office Management System | 2024-08-20 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file adds.php. The manipulation of the argument name/dob/email/mobile/address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||