Total: 30639 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-24136 | 1 Remyandrade | 1 Math Game | 2024-11-21 | N/A | 6.1 MEDIUM |
The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks. | |||||
CVE-2024-24135 | 1 Remyandrade | 1 Product Inventory With Export To Excel | 2024-11-21 | N/A | 6.1 MEDIUM |
Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks. | |||||
CVE-2024-24134 | 1 Remyandrade | 1 Online Food Menu | 2024-11-21 | N/A | 4.8 MEDIUM |
Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section. | |||||
CVE-2024-24131 | 1 Superwebmailer | 1 Superwebmailer | 2024-11-21 | N/A | 6.1 MEDIUM |
SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component api.php. | |||||
CVE-2024-24130 | 1 Mail2world | 1 Mail2world | 2024-11-21 | N/A | 6.1 MEDIUM |
Mail2World v12 Business Control Center was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Usr parameter at resellercenter/login.asp. | |||||
CVE-2024-24115 | 1 Cotonti | 1 Siena | 2024-11-21 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2024-24097 | | | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via the News Feed. | |||||
CVE-2024-24062 | 1 Aitangbao | 1 Springboot-manager | 2024-11-21 | N/A | 5.4 MEDIUM |
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role. | |||||
CVE-2024-24061 | 1 Aitangbao | 1 Springboot-manager | 2024-11-21 | N/A | 5.4 MEDIUM |
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add. | |||||
CVE-2024-24060 | 1 Aitangbao | 1 Springboot-manager | 2024-11-21 | N/A | 5.4 MEDIUM |
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user. | |||||
CVE-2024-24059 | 1 Aitangbao | 1 Springboot-manager | 2024-11-21 | N/A | 5.4 MEDIUM |
springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files. | |||||
CVE-2024-24050 | | | 2024-11-21 | N/A | 4.7 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Sourcecodester Workout Journal App 1.0 allows attackers to run arbitrary code via parameters firstname and lastname in /add-user.php. | |||||
CVE-2024-24041 | 1 Remyandrade | 1 Travel Journal Using Php And Mysql With Source Code | 2024-11-21 | N/A | 6.1 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-journal.php. | |||||
CVE-2024-24035 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Setor Informatica SIL 3.1 allows attackers to run arbitrary code via the hmessage parameter. | |||||
CVE-2024-23998 | 1 Goanother | 1 Another Redis Desktop Manager | 2024-11-21 | N/A | 9.6 CRITICAL |
goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/components/Setting.vue. | |||||
CVE-2024-23997 | 1 Lukasbach | 1 Yana | 2024-11-21 | N/A | 9.6 CRITICAL |
Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts. | |||||
CVE-2024-23995 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) in Beekeeper Studio 4.1.13 and earlier allows remote attackers to execute arbitrary code in the column name of a database table in tabulator-popup-container. | |||||
CVE-2024-23941 | 1 Group-office | 1 Group Office | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. | |||||
CVE-2024-23905 | 1 Jenkins | 1 Red Hat Dependency Analytics | 2024-11-21 | N/A | 5.4 MEDIUM |
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | |||||
CVE-2024-23896 | 1 Ajaysharma | 1 Cups Easy | 2024-11-21 | N/A | 8.2 HIGH |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stock.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |