Total
35118 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7684 | 1 Mayurik | 1 Advocate Office Management System | 2024-08-20 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add_act.php. The manipulation of the argument aname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7683 | 1 Mayurik | 1 Advocate Office Management System | 2024-08-20 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability classified as problematic has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file addcase_stage.php. The manipulation of the argument cname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-43810 | 1 Jetbrains | 1 Teamcity | 2024-08-19 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin | |||||
| CVE-2024-43809 | 1 Jetbrains | 1 Teamcity | 2024-08-19 | N/A | 6.1 MEDIUM |
| In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page | |||||
| CVE-2024-43808 | 1 Jetbrains | 1 Teamcity | 2024-08-19 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin | |||||
| CVE-2024-43807 | 1 Jetbrains | 1 Teamcity | 2024-08-19 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page | |||||
| CVE-2024-42758 | 2024-08-19 | N/A | 5.4 MEDIUM | ||
| A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki (Open Source Wiki Engine). A malicious attacker can input XSS payloads for example when creating or editing existing page, to trigger the XSS on Dokuwiki, which is then stored in .txt file (due to nature of how Dokuwiki is designed), which presents stored XSS. | |||||
| CVE-2024-7815 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2024-08-19 | 3.3 LOW | 4.8 MEDIUM |
| A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin-update-employee.php of the component Update Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7814 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2024-08-19 | 3.3 LOW | 4.8 MEDIUM |
| A vulnerability, which was classified as problematic, was found in CodeAstro Online Railway Reservation System 1.0. Affected is an unknown function of the file /admin/admin-add-employee.php of the component Add Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7812 | 1 Mayurik | 1 Best House Rental Management System | 2024-08-19 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in SourceCodester Best House Rental Management System 1.0. This vulnerability affects unknown code of the file /rental_0/rental/ajax.php?action=save_tenant of the component POST Parameter Handler. The manipulation of the argument lastname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-6533 | 1 Monospace | 1 Directus | 2024-08-19 | N/A | 5.4 MEDIUM |
| Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with CVE-2024-6534, it could result in account takeover. | |||||
| CVE-2024-7752 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2024-08-19 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /update_medicine.php. The manipulation of the argument medicine_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7008 | 1 Calibre-ebook | 1 Calibre | 2024-08-19 | N/A | 6.1 MEDIUM |
| Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting. | |||||
| CVE-2024-7793 | 1 Rems | 1 Task Progress Tracker | 2024-08-19 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in SourceCodester Task Progress Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-task.php. The manipulation of the argument task_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7914 | 1 Oretnom23 | 1 Yoga Class Registration System | 2024-08-19 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability classified as problematic has been found in SourceCodester Yoga Class Registration System 1.0. Affected is an unknown function of the file /php-ycrs/classes/SystemSettings.php. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-4507 | 2024-08-19 | N/A | 6.1 MEDIUM | ||
| The Admission AppManager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'q' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-43369 | 2024-08-19 | N/A | 7.2 HIGH | ||
| Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists `javascript:` and `vbscript:` in links to prevent XSS. This can leave other options open, and the check can be circumvented using upper case. Content editing permissions for RichText content is required to exploit this vulnerability, which typically means Editor role or higher. The fix implements an allowlist instead, which allows only approved link protocols. The new check is case insensitive. Version 4.6.10 contains a patch for this issue. No known workarounds are available. | |||||
| CVE-2023-4604 | 2024-08-19 | N/A | 6.1 MEDIUM | ||
| The Slideshow, Image Slider by 2J plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ parameter in versions up to, and including, 1.3.54 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-7136 | 2024-08-19 | N/A | 6.4 MEDIUM | ||
| The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2022-3399 | 2024-08-19 | N/A | 4.4 MEDIUM | ||
| The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cookie_notice_options[refuse_code_head]' parameter in versions up to, and including, 2.4.17.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative privileges and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected /wp-admin/admin.php?page=cookie-notice page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||