Total
30643 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-22153 | 1 Fahadmahmood8 | 1 Stock Locations For Woocommerce | 2024-11-21 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood & Alexandre Faustino Stock Locations for WooCommerce allows Stored XSS. This issue affects Stock Locations for WooCommerce: from n/a through 2.5.9. | |||||
CVE-2024-22150 | 1 Pwrplugins | 1 Powerfolio | 2024-11-21 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PWR Plugins Portfolio & Image Gallery for WordPress \| PowerFolio allows Stored XSS. This issue affects Portfolio & Image Gallery for WordPress \| PowerFolio: from n/a through 3.1. | |||||
CVE-2024-22149 | | | 2024-11-21 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann CformsII allows Stored XSS. This issue affects CformsII: from n/a through 15.0.5. | |||||
CVE-2024-22148 | 1 Joomunited | 1 Wp-smart-editor | 2024-11-21 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Editor JoomUnited allows Reflected XSS. This issue affects JoomUnited: from n/a through 1.3.3. | |||||
CVE-2024-22146 | 1 Magazine3 | 1 Schema & Structured Data For Wp & Amp | 2024-11-21 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS. This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25. | |||||
CVE-2024-22142 | 1 Cozmoslabs | 1 Profile Builder | 2024-11-21 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS. This issue affects Profile Builder Pro: from n/a through 3.10.0. | |||||
CVE-2024-22137 | 1 Mailmunch | 1 Constant Contact Forms | 2024-11-21 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS. This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11. | |||||
CVE-2024-22130 | 1 Sap | 1 Crm - Webclient Ui | 2024-11-21 | N/A | 7.6 HIGH |
Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. An attacker with low privileges can cause limited impact to confidentiality and integrity of the application data after successful exploitation. | |||||
CVE-2024-22129 | 1 Sap | 1 Companion | 2024-11-21 | N/A | 5.4 MEDIUM |
SAP Companion - version <3.1.38, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information and cause minor impact on the integrity of the web application. | |||||
CVE-2024-22126 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | N/A | 8.8 HIGH |
The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability. | |||||
CVE-2024-22119 | 1 Zabbix | 1 Zabbix | 2024-11-21 | N/A | 5.5 MEDIUM |
The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section. | |||||
CVE-2024-22075 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | N/A | 6.1 MEDIUM |
Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection. | |||||
CVE-2024-22048 | 1 Gov.uk | 1 Govuk Tech Docs | 2024-11-21 | N/A | 6.1 MEDIUM |
govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page. | |||||
CVE-2024-21911 | 1 Tiny | 1 Tinymce | 2024-11-21 | N/A | 6.1 MEDIUM |
TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser. | |||||
CVE-2024-21910 | 1 Tiny | 1 Tinymce | 2024-11-21 | N/A | 6.1 MEDIUM |
TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser. | |||||
CVE-2024-21908 | 1 Tiny | 1 Tinymce | 2024-11-21 | N/A | 6.1 MEDIUM |
TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser. | |||||
CVE-2024-21750 | 1 Scribit | 1 Shortcodes Finder | 2024-11-21 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scribit Shortcodes Finder allows Reflected XSS. This issue affects Shortcodes Finder: from n/a through 1.5.5. | |||||
CVE-2024-21745 | 1 Laybuy | 1 Laybuy Payment Extension For Woocommerce | 2024-11-21 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laybuy Laybuy Payment Extension for WooCommerce allows Stored XSS. This issue affects Laybuy Payment Extension for WooCommerce: from n/a through 5.3.9. | |||||
CVE-2024-21744 | 1 Mapster | 1 Mapster Wp Maps | 2024-11-21 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapster Technology Inc. Mapster WP Maps allows Stored XSS. This issue affects Mapster WP Maps: from n/a through 1.2.38. | |||||
CVE-2024-21738 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | N/A | 4.1 MEDIUM |
SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation. |