Total
30576 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-43795 | 1 Openc3 | 1 Cosmos | 2024-10-31 | N/A | 6.1 MEDIUM |
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition. | |||||
CVE-2024-50501 | 1 Climaxthemes | 1 Kata Plus | 2024-10-31 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Climax Themes Kata Plus allows Stored XSS. This issue affects Kata Plus: from n/a through 1.4.7. | |||||
CVE-2024-50502 | 1 Cozythemes | 1 Cozy Blocks | 2024-10-31 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CozyThemes Cozy Blocks allows Stored XSS. This issue affects Cozy Blocks: from n/a through 2.0.18. | |||||
CVE-2024-50472 | 1 Amilia | 1 Store | 2024-10-31 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Drapeau Amilia Store allows Stored XSS. This issue affects Amilia Store: from n/a through 2.9.8. | |||||
CVE-2024-50471 | 1 Checklist | 1 Trip Plan | 2024-10-31 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Checklist Trip Plan allows Stored XSS. This issue affects Trip Plan: from n/a through 1.0.10. | |||||
CVE-2024-50470 | 1 Themes4wp | 1 Youtube External Subtitles | 2024-10-31 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themes4WP Themes4WP YouTube External Subtitles allows Stored XSS. This issue affects Themes4WP YouTube External Subtitles: from n/a through 1.0. | |||||
CVE-2024-10374 | 1 Butlerblog | 1 Wp-members | 2024-10-31 | N/A | 5.4 MEDIUM |
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-45715 | 1 Solarwinds | 1 Solarwinds Platform | 2024-10-30 | N/A | 6.1 MEDIUM |
The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements. | |||||
CVE-2021-4452 | 1 Gtranslate | 1 Google Language Translator | 2024-10-30 | N/A | 5.4 MEDIUM |
The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Specifically affects users with older browsers that lack proper URL encoding support. | |||||
CVE-2017-20193 | 1 Woo | 1 Product Vendors | 2024-10-30 | N/A | 6.1 MEDIUM |
The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendor_description' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
CVE-2024-46538 | 1 Netgate | 1 Pfsense | 2024-10-30 | N/A | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php. | |||||
CVE-2024-48396 | | | 2024-10-30 | N/A | 6.1 MEDIUM |
AIML Chatbot 1.0 (fixed in 2.0) is vulnerable to Cross Site Scripting (XSS). The vulnerability is exploited through the message input field, where attackers can inject malicious HTML or JavaScript code. The chatbot fails to sanitize these inputs, leading to the execution of malicious scripts. | |||||
CVE-2024-42550 | | | 2024-10-30 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in the component /email/welcome.php of Mini Inventory and Sales Management System commit 18aa3d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. | |||||
CVE-2024-45714 | 1 Solarwinds | 1 Serv-u | 2024-10-30 | N/A | 4.1 MEDIUM |
Application is vulnerable to Cross Site Scripting (XSS): an authenticated attacker with users’ permissions can modify a variable with a payload. | |||||
CVE-2024-49268 | 1 Sunburntkamel | 1 Disconnected | 2024-10-30 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sunburntkamel disconnected allows Reflected XSS. This issue affects disconnected: from n/a through 1.3.0. | |||||
CVE-2024-49265 | 1 Booking | 1 Banner Creator | 2024-10-30 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Partnerships at Booking.Com Booking.Com Banner Creator allows Stored XSS. This issue affects Booking.Com Banner Creator: from n/a through 1.4.6. | |||||
CVE-2024-49211 | 1 Archerirm | 1 Archer | 2024-10-30 | N/A | 6.1 MEDIUM |
Reflected XSS was discovered in a Dashboard Listing Archer Platform UX page in Archer Platform 6.x before version 2024.08. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and executed by the web browser in the context of the vulnerable web application. | |||||
CVE-2024-49210 | 1 Archerirm | 1 Archer | 2024-10-30 | N/A | 6.1 MEDIUM |
Reflected XSS was discovered in an iView List Archer Platform UX page in Archer Platform 6.x before version 2024.09. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and executed by the web browser in the context of the vulnerable web application. | |||||
CVE-2024-48233 | | | 2024-10-30 | N/A | 4.8 MEDIUM |
mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \app\setting\controller\ApiAdminSetting.php via the ICP parameter. | |||||
CVE-2024-9231 | 1 Butlerblog | 1 Wp-members | 2024-10-30 | N/A | 6.1 MEDIUM |
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |