Total: 30576 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2024-40507 | | | 2024-09-30 | N/A | 7.3 HIGH | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMPersonnel.asmx function. |
| CVE-2024-40506 | | | 2024-09-30 | N/A | 7.3 HIGH | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMHospitality.asmx function. |
| CVE-2024-45985 | | | 2024-09-30 | N/A | 4.7 MEDIUM | A Cross Site Scripting (XSS) vulnerability in update_contact.php of Blood Bank and Donation Management System v1.0 allows an attacker to inject malicious scripts via the name parameter of update_contact.php. |
| CVE-2024-45984 | | | 2024-09-30 | N/A | 4.7 MEDIUM | A Cross Site Scripting (XSS) vulnerability in add_donor.php of Blood Bank And Donation Management System 1.0 allows an attacker to inject malicious scripts that will be executed when the Donor List is viewed. |
| CVE-2024-40508 | | | 2024-09-30 | N/A | 7.3 HIGH | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMConference.asmx function. |
| CVE-2024-45986 | | | 2024-09-30 | N/A | 5.4 MEDIUM | A stored Cross-Site Scripting (XSS) vulnerability was identified in Projectworld Online Voting System 1.0 that occurs when an account is registered with a malicious JavaScript payload. The payload is stored and subsequently executed in the voter.php and profile.php pages whenever the account information is accessed. |
| CVE-2024-46470 | | | 2024-09-30 | N/A | 6.1 MEDIUM | Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers to run malicious JavaScript via the membership_type field in the edit-type.php component. |
| CVE-2024-40509 | | | 2024-09-30 | N/A | 7.3 HIGH | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMFinDev.asmx function. |
| CVE-2024-40511 | | | 2024-09-30 | N/A | 7.3 HIGH | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMServerAdmin.asmx function. |
| CVE-2024-9276 | | | 2024-09-30 | 4.0 MEDIUM | 3.5 LOW | A vulnerability classified as problematic has been found in TMsoft MyAuth Gateway 3. Affected is an unknown function of the file /index.php. The manipulation of the argument console/nocache/cmd leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2024-25411 | | | 2024-09-30 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php. |
| CVE-2024-40512 | | | 2024-09-30 | N/A | 7.3 HIGH | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMReporting.asmx function. |
| CVE-2024-46367 | | | 2024-09-30 | N/A | 9.6 CRITICAL | A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is executed, granting the attacker elevated permissions within the CRM system. |
| CVE-2024-9283 | | | 2024-09-30 | 1.7 LOW | 3.3 LOW | A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF Converter. The manipulation leads to cross site scripting. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. |
| CVE-2024-46333 | | | 2024-09-30 | N/A | 4.8 MEDIUM | An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function. |
| CVE-2024-39910 | 1 Decidim | 1 Decidim | 2024-09-29 | N/A | 4.8 MEDIUM | decidim is a free open-source participatory democracy, citizen participation and open government platform for cities and organizations. The WYSIWYG editor QuillJS is subject to a potential XSS attack if the attacker manages to modify the HTML before it is uploaded to the server. The attacker is able to change it to, e.g., `<svg onload=alert('XSS')>` if they know how to craft these requests themselves. This issue has been addressed in release version 0.27.7. All users are advised to upgrade. Users unable to upgrade should review the user accounts that have access to the admin panel (i.e. general Administrators and participatory space Administrators), remove access from those that don't need it, and disable the "Enable rich text editor for participants" setting in the admin dashboard. |
| CVE-2024-43024 | 1 Rws | 1 Multitrans | 2024-09-29 | N/A | 6.1 MEDIUM | Multiple stored cross-site scripting (XSS) vulnerabilities in RWS MultiTrans v7.0.23324.2 and earlier allow attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2021-27915 | 1 Acquia | 1 Mautic | 2024-09-29 | N/A | 9.0 CRITICAL | Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged-in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system. |
| CVE-2024-32034 | 1 Decidim | 1 Decidim | 2024-09-29 | N/A | 4.8 MEDIUM | decidim is a free open-source participatory democracy, citizen participation and open government platform for cities and organizations. The admin panel is subject to a potential Cross-site scripting (XSS) attack if an admin assigns a valuator to a proposal, or performs any other action that generates an admin activity log entry in which one of the resources contains a crafted XSS payload. This issue has been addressed in release versions 0.27.7, 0.28.2, and newer. Users are advised to upgrade. Users unable to upgrade may redirect the pages /admin and /admin/logs to other admin pages (e.g. `/admin/organization/edit`) to prevent this access. |
| CVE-2024-8054 | 1 Mm-breaking News Project | 1 Mm-breaking News | 2024-09-27 | N/A | 6.1 MEDIUM | The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add stored XSS payloads via a CSRF attack. |
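Nearly every entry in the list above is the same defect: a stored or reflected string (username, album name, description field) is written into HTML without output encoding. The following is an added example written for this page, not code from Decidim, Krayin, Piwigo or any other listed project. It takes the `<svg onload=alert('XSS')>` payload quoted in the CVE-2024-39910 entry and shows the difference between raw interpolation and HTML entity encoding, then adds a triage check of the kind a practitioner would run over stored records when an advisory says "review the accounts" rather than "here is the fix". The sample records are constructed; the function names are mine.

```javascript
// Added example for this page: output encoding vs. raw interpolation on a
// stored-XSS payload. Not code from any project listed in the table.

// Minimal HTML entity encoding for text placed inside an element body or a
// double-quoted attribute value. The five characters below are the ones that
// can start or terminate markup in those contexts.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// The payload quoted in the CVE-2024-39910 entry above.
const PAYLOAD = "<svg onload=alert('XSS')>";

// Vulnerable rendering: the stored value is interpolated straight into HTML,
// which is what a template without auto-escaping does. The payload becomes a
// live <svg> element whose onload handler fires in the viewer's browser.
function renderProfileUnsafe(username) {
  return `<div class="profile"><span class="name">${username}</span></div>`;
}

// Hardened rendering: the same template with the untrusted value encoded, so
// the browser shows the payload as literal text.
function renderProfileSafe(username) {
  return `<div class="profile"><span class="name">${escapeHtml(username)}</span></div>`;
}

// Crude check for markup in fields that should be plain text. This is a triage
// aid for reviewing stored records, not a sanitizer: a value that trips it
// needs manual review, and a value that passes is not thereby proven safe.
const MARKUP_PATTERN = /<[a-z!\/]|\bon[a-z]+\s*=|javascript:/i;

// Returns one hit per (record, field) whose value looks like markup.
function findSuspiciousRecords(records, fields) {
  const hits = [];
  for (const record of records) {
    for (const field of fields) {
      const value = record[field];
      if (typeof value === "string" && MARKUP_PATTERN.test(value)) {
        hits.push({ id: record.id, field, value });
      }
    }
  }
  return hits;
}

// Constructed sample records, not real user data.
const SAMPLE_RECORDS = [
  { id: 1, username: "alice", description: "Volunteer coordinator" },
  { id: 2, username: PAYLOAD, description: "n/a" },
  { id: 3, username: "bob", description: 'Click <a href="javascript:alert(1)">here</a>' },
  { id: 4, username: "o'neil", description: "Tom & Jerry fan" },
];

if (typeof require !== "undefined" && require.main === module) {
  console.log("unsafe:", renderProfileUnsafe(PAYLOAD));
  console.log("safe:  ", renderProfileSafe(PAYLOAD));
  console.log("flagged:", findSuspiciousRecords(SAMPLE_RECORDS, ["username", "description"]));
}
```

Record 4 is there on purpose: an apostrophe and an ampersand in legitimate data must survive encoding and must not be flagged, otherwise the check drowns in false positives and the fix breaks ordinary names. Encoding is context-specific; the function above is only correct for element bodies and quoted attribute values, not for JavaScript strings, URLs or CSS.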