Total: 30620 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-28775 | | | 2024-11-21 | N/A | 4.4 MEDIUM |
IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285648. | |||||
CVE-2024-28772 | 1 Ibm | 3 Security Directory Integrator, Security Directory Server, Security Verify Access | 2024-11-21 | N/A | 6.8 MEDIUM |
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645. | |||||
CVE-2024-28741 | | | 2024-11-21 | N/A | 8.8 HIGH |
Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component. | |||||
CVE-2024-28734 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter. | |||||
CVE-2024-28725 | | | 2024-11-21 | N/A | 7.1 HIGH |
Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings. | |||||
CVE-2024-28722 | | | 2024-11-21 | N/A | 6.3 MEDIUM |
Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint. | |||||
CVE-2024-28715 | | | 2024-11-21 | N/A | 8.8 HIGH |
Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint. | |||||
CVE-2024-28683 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file. | |||||
CVE-2024-28680 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php. | |||||
CVE-2024-28679 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection. | |||||
CVE-2024-28676 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/article_edit.php. | |||||
CVE-2024-28671 | | | 2024-11-21 | N/A | 8.8 HIGH |
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/stepselect_main.php. | |||||
CVE-2024-28662 | | | 2024-11-21 | N/A | 5.4 MEDIUM |
A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in create_tag in admin/include/functions.php. | |||||
CVE-2024-28635 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form. | |||||
CVE-2024-28623 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component main_menu/edit_section. | |||||
CVE-2024-28436 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in D-Link DAP products DAP-2230, DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2590, DAP-2690, DAP-2695, DAP-3520, DAP-3662 allows a remote attacker to execute arbitrary code via the reload parameter in the session_login.php component. | |||||
CVE-2024-28434 | | | 2024-11-21 | N/A | 7.6 HIGH |
The CRM platform Twenty is vulnerable to stored cross-site scripting via file upload in version 0.3.0. A crafted SVG file can trigger the execution of the JavaScript code. | |||||
CVE-2024-28404 | | | 2024-11-21 | N/A | 8.0 HIGH |
TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. | |||||
CVE-2024-28402 | | | 2024-11-21 | N/A | 5.9 MEDIUM |
TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. | |||||
CVE-2024-28276 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scripting (XSS) via add-task.php?task_name=. |