Total
30626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27091 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GEONODE where the current rich text editor is vulnerable to Stored XSS. The applications cookies are set securely, but it is possible to retrieve a victims CSRF token and issue a request to change another user's email address to perform a full account takeover. Due to the script element not impacting the CORS policy, requests will succeed. This vulnerability is fixed in 4.2.3. | |||||
| CVE-2024-27083 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malicious javascript code that would get executed on the user's browser. This issue was introduced on 4.1.4 and patched on 4.2.1. | |||||
| CVE-2024-27082 | 2024-11-21 | N/A | 7.6 HIGH | ||
| Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular page. Version 1.2.27 contains a patch for the issue. | |||||
| CVE-2024-26542 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field. | |||||
| CVE-2024-26521 | 2024-11-21 | N/A | 4.8 MEDIUM | ||
| HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component. | |||||
| CVE-2024-26517 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the delete-task.php component. | |||||
| CVE-2024-26491 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field. | |||||
| CVE-2024-26490 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability in the Addon JD Simple module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field. | |||||
| CVE-2024-26484 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CMS. The only effect was on the trykirby.com demo site, which is not customer-controlled. | |||||
| CVE-2024-26481 | 2024-11-21 | N/A | 4.7 MEDIUM | ||
| Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter. | |||||
| CVE-2024-26473 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| A reflected cross-site scripting (XSS) vulnerability in SocialMediaWebsite v1.0.1 allows attackers to inject malicious JavaScript into the web browser of a victim via the poll parameter in poll.php. | |||||
| CVE-2024-26472 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of 'create-new-pwd.php'. | |||||
| CVE-2024-26471 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| A reflected cross-site scripting (XSS) vulnerability in zhimengzhe iBarn v1.5 allows attackers to inject malicious JavaScript into the web browser of a victim via the search parameter in offer.php. | |||||
| CVE-2024-26468 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| A DOM based cross-site scripting (XSS) vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute arbitrary Javascript via sending a crafted URL. | |||||
| CVE-2024-26467 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary Javascript via sending a crafted URL. | |||||
| CVE-2024-26466 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| A DOM based cross-site scripting (XSS) vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL. | |||||
| CVE-2024-26367 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| Cross Site Scripting vulnerability in Evertz microsystems MViP-II Firmware 8.6.5, XPS-EDGE-* Build 1467, evEDGE-EO-* Build 0029, MMA10G-* Build 0498, 570IPG-X19-10G Build 0691 allows a remote attacker to execute arbitrary code via a crafted payload to the login parameters. | |||||
| CVE-2024-26313 | 2024-11-21 | N/A | 7.3 HIGH | ||
| Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.13.P3 HF1 (6.13.0.3.1) is also a fixed release. | |||||
| CVE-2024-26311 | 2024-11-21 | N/A | 5.7 MEDIUM | ||
| Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2024-26300 | 2024-11-21 | N/A | 6.6 MEDIUM | ||
| A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | |||||