Total
30570 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7269 | 1 Connx | 1 Esp Hr Management | 2024-09-19 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal Details" form in ConnX ESP HR Management allows Stored XSS attack. An attacker might inject a script to be run in user's browser. After multiple attempts to contact the vendor we did not receive any answer. The finder provided the information that this issue affects ESP HR Management versions before 6.6. | |||||
| CVE-2021-22503 | 1 Microfocus | 1 Edirectory | 2024-09-19 | N/A | 6.1 MEDIUM |
| Possible Improper Neutralization of Input During Web Page Generation Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.3.0000. | |||||
| CVE-2024-8108 | 1 Share This Image Project | 1 Share This Image | 2024-09-19 | N/A | 5.4 MEDIUM |
| The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' parameter in all versions up to, and including, 2.01 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-8783 | 1 Opentibiabr | 1 Myaac | 2024-09-19 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16. Affected is an unknown function of the file system/pages/forum/new_post.php of the component Post Reply Handler. The manipulation of the argument post_topic leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2021-38131 | 1 Microfocus | 1 Edirectory | 2024-09-18 | N/A | 6.1 MEDIUM |
| Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.5.0000. | |||||
| CVE-2024-8750 | 1 I-doit | 1 I-doit | 2024-09-18 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the following parameters (id,lang,mNavID,name,pID,treeNode,type,view). | |||||
| CVE-2024-34335 | 1 Ordat | 1 Ordat.erp | 2024-09-18 | N/A | 6.1 MEDIUM |
| ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page. | |||||
| CVE-2024-45303 | 1 Discourse | 1 Calendar | 2024-09-18 | N/A | 6.1 MEDIUM |
| Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event names can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. The issue is patched in version 0.5 of the Discourse Calendar plugin. | |||||
| CVE-2024-8708 | 1 Mayurik | 1 Best House Rental Management System | 2024-09-18 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file categories.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. | |||||
| CVE-2024-8144 | 1 Classcms | 1 Classcms | 2024-09-18 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Logo Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-43327 | 1 Teleogistic | 1 Invite Anyone | 2024-09-18 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boone Gorges Invite Anyone allows Reflected XSS.This issue affects Invite Anyone: from n/a through 1.4.7. | |||||
| CVE-2024-43967 | 1 Starkdigital | 1 Wp Testimonial Widget | 2024-09-18 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Stark Digital WP Testimonial Widget allows Stored XSS.This issue affects WP Testimonial Widget: from n/a through 3.1. | |||||
| CVE-2024-8145 | 1 Classcms | 1 Classcms | 2024-09-18 | 3.3 LOW | 4.8 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in ClassCMS 4.8. Affected by this issue is some unknown functionality of the file /index.php/admin of the component Article Handler. The manipulation of the argument Title leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-4207 | 1 Gitlab | 1 Gitlab | 2024-09-18 | N/A | 5.4 MEDIUM |
| A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances. | |||||
| CVE-2024-43324 | 1 Cleversoft | 1 Clever Addons For Elementor | 2024-09-17 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CleverSoft Clever Addons for Elementor allows Stored XSS.This issue affects Clever Addons for Elementor: from n/a through 2.2.0. | |||||
| CVE-2024-43276 | 1 Orbisius | 1 Child Theme Creator | 2024-09-17 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Svetoslav Marinov (Slavi) Child Theme Creator allows Reflected XSS.This issue affects Child Theme Creator: from n/a through 1.5.4. | |||||
| CVE-2024-43329 | 1 Cpothemes | 1 Allegiant | 2024-09-17 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Chill Allegiant allegiant allows Stored XSS.This issue affects Allegiant: from n/a through 1.2.7. | |||||
| CVE-2024-43330 | 1 Wpbeaveraddons | 1 Powerpack Lite For Beaver Builder | 2024-09-17 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack for Beaver Builder allows Reflected XSS.This issue affects PowerPack for Beaver Builder: from n/a before 2.37.4. | |||||
| CVE-2024-43238 | 1 Getwemail | 1 Wemail | 2024-09-17 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs weMail allows Reflected XSS.This issue affects weMail: from n/a through 1.14.5. | |||||
| CVE-2024-8610 | 1 Mayurik | 1 Best House Rental Management System | 2024-09-17 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability classified as problematic has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /index.php?page=tenants of the component New Tenant Page. The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||