Total
30570 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8276 | 1 Wpzoom | 1 Wpzoom Portfolio | 2024-09-13 | N/A | 5.4 MEDIUM |
| The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2021-38122 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | N/A | 8.2 HIGH |
| A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1 | |||||
| CVE-2024-44851 | 1 Perfexcrm | 1 Perfex Crm | 2024-09-13 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. | |||||
| CVE-2024-6018 | 1 Scriptonite | 1 Music Request Manager | 2024-09-13 | N/A | 6.1 MEDIUM |
| The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | |||||
| CVE-2024-6019 | 1 Scriptonite | 1 Music Request Manager | 2024-09-13 | N/A | 6.1 MEDIUM |
| The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators | |||||
| CVE-2024-6700 | 1 Pega | 1 Infinity | 2024-09-13 | N/A | 4.8 MEDIUM |
| Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name. | |||||
| CVE-2024-6701 | 1 Pega | 1 Infinity | 2024-09-13 | N/A | 4.8 MEDIUM |
| Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type. | |||||
| CVE-2024-6702 | 1 Pega | 1 Infinity | 2024-09-13 | N/A | 4.8 MEDIUM |
| Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. | |||||
| CVE-2020-24061 | 1 Kasdanet | 2 Kw5515, Kw5515 Firmware | 2024-09-13 | N/A | 4.3 MEDIUM |
| Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script | |||||
| CVE-2024-7739 | 1 Yzane | 1 Markdown Pdf | 2024-09-13 | 5.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in yzane vscode-markdown-pdf 1.5.0. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8695 | 1 Docker | 1 Desktop | 2024-09-13 | N/A | 9.8 CRITICAL |
| A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. | |||||
| CVE-2024-8696 | 1 Docker | 1 Desktop | 2024-09-13 | N/A | 9.8 CRITICAL |
| A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2. | |||||
| CVE-2024-8605 | 1 Code-projects | 1 Inventory Management | 2024-09-13 | 5.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in code-projects Inventory Management 1.0. This vulnerability affects unknown code of the file /view/registration.php of the component Registration Form. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-45406 | 1 Craftcms | 1 Craft Cms | 2024-09-13 | N/A | 4.8 MEDIUM |
| Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input. | |||||
| CVE-2024-44872 | 1 Mozilo | 1 Mozilocms | 2024-09-13 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | |||||
| CVE-2024-7144 | 1 Crocoblock | 1 Jetelements | 2024-09-13 | N/A | 5.4 MEDIUM |
| The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-43476 | 1 Microsoft | 1 Dynamics 365 | 2024-09-13 | N/A | 5.4 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2024-43335 | 1 Cyberchimps | 1 Responsive Blocks | 2024-09-13 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Responsive Blocks – WordPress Gutenberg Blocks: from n/a through 1.8.8. | |||||
| CVE-2024-43342 | 1 Bdthemes | 1 Ultimate Store Kit | 2024-09-13 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.6.4. | |||||
| CVE-2024-7939 | 1 3ds | 1 3dexperience | 2024-09-13 | N/A | 5.4 MEDIUM |
| A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||