Total
30603 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11116 | 2024-11-13 | N/A | 4.3 MEDIUM | ||
| Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-9426 | 2024-11-13 | N/A | 6.4 MEDIUM | ||
| The Aqua SVG Sprite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | |||||
| CVE-2024-28728 | 2024-11-13 | N/A | 6.6 MEDIUM | ||
| Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via a crafted payload to the WiFi SSID Name field. | |||||
| CVE-2024-11117 | 2024-11-13 | N/A | 4.3 MEDIUM | ||
| Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-10887 | 2024-11-13 | N/A | 6.4 MEDIUM | ||
| The NiceJob plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes (nicejob-lead, nicejob-review, nicejob-engage, nicejob-badge, nicejob-stories) in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-11111 | 2024-11-13 | N/A | 4.3 MEDIUM | ||
| Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-51055 | 2024-11-13 | N/A | 6.5 MEDIUM | ||
| An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component. | |||||
| CVE-2024-47854 | 1 Veritas | 1 Data Insight | 2024-11-13 | N/A | 6.1 MEDIUM |
| An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user. | |||||
| CVE-2024-47765 | 1 Jgniecki | 1 Minecraft Motd Parser | 2024-11-13 | N/A | 6.1 MEDIUM |
| Minecraft MOTD Parser is a PHP library to parse minecraft server motd. The HtmlGenerator class is subject to potential cross-site scripting (XSS) attack through a parsed malformed Minecraft server MOTD. The HtmlGenerator iterates through objects of MotdItem that are contained in an object of MotdItemCollection to generate a HTML string. An attacker can make malicious inputs to the color and text properties of MotdItem to inject own HTML into a web page during web page generation. For example by sending a malicious MOTD from a Minecraft server under their control that was queried and passed to the HtmlGenerator. This XSS vulnerability exists because the values of these properties are neither filtered nor escaped. This vulnerability is fixed in 1.0.6. | |||||
| CVE-2024-10761 | 1 Umbraco | 1 Umbraco Cms | 2024-11-13 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in Umbraco CMS 12.3.6. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor is not able to reproduce the issue. | |||||
| CVE-2024-51054 | 2024-11-12 | N/A | 4.8 MEDIUM | ||
| A Cross Site Scriptng (XSS) vulnerability was found in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request parameter. | |||||
| CVE-2024-50990 | 2024-11-12 | N/A | 6.1 MEDIUM | ||
| A Reflected Cross Site Scriptng (XSS) vulnerability was found in /omrs/user/search.php in PHPGurukul Online Marriage Registration System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request parameter. | |||||
| CVE-2024-50991 | 2024-11-12 | N/A | 4.8 MEDIUM | ||
| A Cross Site Scripting (XSS) vulnerability was found in /ums-sp/admin/registered-users.php in PHPGurukul User Management System v1.0, which allows remote attackers to execute arbitrary code via the "fname" POST request parameter | |||||
| CVE-2024-51213 | 2024-11-12 | N/A | 6.1 MEDIUM | ||
| Cross Site Scripting vulnerability in Online Shop Store v.1.0 allows a remote attacker to execute arbitrary code via the login.php component. | |||||
| CVE-2024-51026 | 2024-11-12 | N/A | 5.4 MEDIUM | ||
| The NetAdmin IAM system (version 4.0.30319) has a Cross Site Scripting (XSS) vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= field. | |||||
| CVE-2024-51135 | 2024-11-12 | N/A | 9.8 CRITICAL | ||
| An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities. | |||||
| CVE-2024-50601 | 2024-11-12 | N/A | 6.1 MEDIUM | ||
| Persistent and reflected XSS vulnerabilities in the themeMode cookie and _h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary Javascript. Exploitation could lead to session hijacking, data leakage, and further exploitation via a multi-stage attack. Fixed in versions 10.3.3.67, 10.4.42, and 10.5.29. | |||||
| CVE-2024-43439 | 2024-11-12 | N/A | 5.4 MEDIUM | ||
| A flaw was found in moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting (XSS) risk. | |||||
| CVE-2024-52000 | 2024-11-12 | N/A | 8.1 HIGH | ||
| Combodo iTop is a simple, web based IT Service Management tool. Affected versions are subject to a reflected Cross-site Scripting (XSS) exploit by way of editing a request's payload which can lead to malicious javascript execution. This issue has been addressed in version 3.2.0 via systematic escaping of error messages when rendering on the page. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-51691 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aryan Duntley Admin Amplify allows Reflected XSS.This issue affects Admin Amplify: from n/a through 1.3.0. | |||||