Total
30643 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23181 | 1 Appleple | 1 A-blog Cms | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user's web browser. | |||||
| CVE-2024-23179 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 6.1 MEDIUM |
| An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks. | |||||
| CVE-2024-23178 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 5.4 MEDIUM |
| An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message. | |||||
| CVE-2024-23177 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 6.1 MEDIUM |
| An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter. | |||||
| CVE-2024-23174 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 5.4 MEDIUM |
| An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder, pagetriage-filter-date-range-to, pagetriage-filter-date-range-from, pagetriage-filter-date-range-heading, pagetriage-filter-set-button, or pagetriage-filter-reset-button message. | |||||
| CVE-2024-23173 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 6.1 MEDIUM |
| An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php. | |||||
| CVE-2024-23172 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 5.4 MEDIUM |
| An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog. | |||||
| CVE-2024-23171 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 5.4 MEDIUM |
| An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n). | |||||
| CVE-2024-23111 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | N/A | 6.8 MEDIUM |
| An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests. | |||||
| CVE-2024-23034 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||||
| CVE-2024-23033 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||||
| CVE-2024-23032 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||||
| CVE-2024-23031 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||||
| CVE-2024-22936 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| Cross-site scripting (XSS) vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2024-22927 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||||
| CVE-2024-22877 | 1 Strangebee | 1 Thehive | 2024-11-21 | N/A | 5.4 MEDIUM |
| StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the template or its variables, that will be executed in the context of the TheHive application when the HTML report is opened. | |||||
| CVE-2024-22876 | 1 Strangebee | 1 Thehive | 2024-11-21 | N/A | 5.4 MEDIUM |
| StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL. The vulnerability can be used to coerce a victim account to perform specific actions on the application as helping an analyst becoming administrator. | |||||
| CVE-2024-22855 | 1 Itssglobal | 1 Imlog | 2024-11-21 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter. | |||||
| CVE-2024-22776 | 2024-11-21 | N/A | 4.7 MEDIUM | ||
| Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields. | |||||
| CVE-2024-22725 | 1 Orthanc-server | 1 Orthanc | 2024-11-21 | N/A | 6.1 MEDIUM |
| Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting. | |||||