Total
36530 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39403 | 1 Adobe | 2 Commerce, Magento | 2024-08-14 | N/A | 7.6 HIGH |
| Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information. | |||||
| CVE-2024-7588 | 2024-08-14 | N/A | 6.4 MEDIUM | ||
| The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion block in all versions up to, and including, 2.2.87 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-6532 | 2024-08-14 | N/A | 6.4 MEDIUM | ||
| The Sheet to Table Live Sync for Google Sheet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STWT_Sheet_Table shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-38166 | 1 Microsoft | 1 Dynamics Crm Service Portal Web Resource | 2024-08-14 | N/A | 6.1 MEDIUM |
| An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link. | |||||
| CVE-2024-21550 | 1 Steve-community | 1 Steve | 2024-08-13 | N/A | 6.1 MEDIUM |
| SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site Scripting in the SteVe management interface. | |||||
| CVE-2024-41240 | 1 Lopalopa | 1 Responsive School Management System | 2024-08-13 | N/A | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter. | |||||
| CVE-2024-7310 | 1 Jkev | 1 Record Management System | 2024-08-13 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in SourceCodester Record Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file sort_user.php. The manipulation of the argument sort leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273202 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-7309 | 1 Jkev | 1 Record Management System | 2024-08-13 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. This affects an unknown part of the file entry.php. The manipulation of the argument school leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273201 was assigned to this vulnerability. | |||||
| CVE-2024-43233 | 2024-08-13 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS.This issue affects BSK Forms Blacklist: from n/a through 3.8. | |||||
| CVE-2024-43126 | 2024-08-13 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce allows Reflected XSS.This issue affects Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce: from n/a through 2.6.14. | |||||
| CVE-2024-43133 | 2024-08-13 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Shortcodes allows Stored XSS.This issue affects Themify Shortcodes: from n/a through 2.1.1. | |||||
| CVE-2024-43124 | 2024-08-13 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iqonic Design Graphina allows Stored XSS.This issue affects Graphina: from n/a through 1.8.10. | |||||
| CVE-2024-43164 | 2024-08-13 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Blockspare allows Stored XSS.This issue affects Blockspare: from n/a through 3.2.0. | |||||
| CVE-2024-43148 | 2024-08-13 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins StreamCast allows Stored XSS.This issue affects StreamCast: from n/a through 2.2.3. | |||||
| CVE-2024-43217 | 2024-08-13 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes allows Reflected XSS.This issue affects Kodex Posts likes: from n/a through 2.5.0. | |||||
| CVE-2024-43137 | 2024-08-13 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WappPress Team WappPress allows Stored XSS.This issue affects WappPress: from n/a through 6.0.4. | |||||
| CVE-2024-43226 | 2024-08-13 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jeroen Sormani WP Dashboard Notes allows Stored XSS.This issue affects WP Dashboard Notes: from n/a through 1.0.11. | |||||
| CVE-2024-43123 | 2024-08-13 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Techeshta Card Elements for Elementor allows Stored XSS.This issue affects Card Elements for Elementor: from n/a through 1.2.2. | |||||
| CVE-2024-43163 | 2024-08-13 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Parcel Panel ParcelPanel allows Reflected XSS.This issue affects ParcelPanel: from n/a through 4.3.2. | |||||
| CVE-2024-43161 | 2024-08-13 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Averta Depicter Slider allows Stored XSS.This issue affects Depicter Slider: from n/a through 3.1.2. | |||||