Total
30636 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-24700 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Rojas WP Editor allows Reflected XSS.This issue affects WP Editor: from n/a through 1.2.8. | |||||
| CVE-2024-24594 | 1 Clear | 1 Clearml | 2024-11-21 | N/A | 9.9 CRITICAL |
| A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI. | |||||
| CVE-2024-24574 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 6.5 MEDIUM |
| phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5. | |||||
| CVE-2024-24570 | 1 Statamic | 1 Statamic | 2024-11-21 | N/A | 8.2 HIGH |
| Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel. Additionally, if the XSS is crafted in a specific way, the "copy password reset link" feature may be exploited to gain access to a user's password reset token and gain access to their account. The authorized user is required to execute the XSS in order for the vulnerability to occur. In versions 4.46.0 and 3.4.17, the XSS vulnerability has been patched, and the copy password reset link functionality has been disabled. | |||||
| CVE-2024-24558 | 1 Tanstack | 1 React-query-next-experimental | 2024-11-21 | N/A | 8.2 HIGH |
| TanStack Query supplies asynchronous state management, server-state utilities and data fetching for the web. The `@tanstack/react-query-next-experimental` NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. To fix this issue, please update to version 5.18.0 or later. | |||||
| CVE-2024-24556 | 1 Nearform | 1 Urql | 2024-11-21 | N/A | 7.2 HIGH |
| urql is a GraphQL client that exposes a set of helpers for several frameworks. The `@urql/next` package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns `html` tags and that the web-application is using streamed responses (non-RSC). This vulnerability is due to improper escaping of html-like characters in the response-stream. To fix this vulnerability upgrade to version 1.1.1 | |||||
| CVE-2024-24512 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component. | |||||
| CVE-2024-24511 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the Input Title component. | |||||
| CVE-2024-24507 | 1 Act-on | 1 Act-on | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp component. | |||||
| CVE-2024-24506 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function. | |||||
| CVE-2024-24494 | 1 Remyandrade | 1 Daily Habit Tracker | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components. | |||||
| CVE-2024-24397 | 1 Stimulsoft | 1 Dashboards.js | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field. | |||||
| CVE-2024-24396 | 1 Stimulsoft | 1 Dashboard.js | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component. | |||||
| CVE-2024-24388 | 1 Xunruicms | 1 Xunruicms | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login. | |||||
| CVE-2024-24160 | 1 Mrcms | 1 Mrcms | 2024-11-21 | N/A | 5.4 MEDIUM |
| MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do. | |||||
| CVE-2024-24157 | 2024-11-21 | N/A | N/A | ||
| Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea48618d957332d90f6d40e4 is vulnerable to Cross Site Scripting (XSS) via board.py. | |||||
| CVE-2024-24156 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before Github commit 58c737a263ac0c523592fd87ff71b9e3c07d7cf5, allows remote attackers execute arbitrary code via the wr_content parameter. | |||||
| CVE-2024-24136 | 1 Remyandrade | 1 Math Game | 2024-11-21 | N/A | 6.1 MEDIUM |
| The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks. | |||||
| CVE-2024-24135 | 1 Remyandrade | 1 Product Inventory With Export To Excel | 2024-11-21 | N/A | 6.1 MEDIUM |
| Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks. | |||||
| CVE-2024-24134 | 1 Remyandrade | 1 Online Food Menu | 2024-11-21 | N/A | 4.8 MEDIUM |
| Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section. | |||||