Total
30552 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-41174 | 1 Beckhoff | 2 Ipc Diagnostics Package, Twincat\/bsd | 2024-09-12 | N/A | 9.0 CRITICAL |
The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker. | |||||
CVE-2024-6929 | 1 Ankitpokhrel | 1 Dynamic Featured Image | 2024-09-12 | N/A | 5.4 MEDIUM |
The Dynamic Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘dfiFeatured’ parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2022-3556 | 1 Kanev | 1 Cab Fare Calculator | 2024-09-12 | N/A | 4.8 MEDIUM |
The Cab fare calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vehicle title setting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
CVE-2024-41735 | 1 Sap | 1 Commerce Backoffice | 2024-09-12 | N/A | 5.4 MEDIUM |
SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application. | |||||
CVE-2024-8693 | 2024-09-12 | 3.3 LOW | 2.4 LOW | ||
A vulnerability, which was classified as problematic, has been found in Kaon CG3000 1.01.43. Affected by this issue is some unknown functionality of the component dhcpcd Command Handler. The manipulation of the argument -h with the input <script>alert('XSS')</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-27729 | 1 Friendica | 1 Friendica | 2024-09-11 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature. | |||||
CVE-2024-8317 | 1 Wpeka | 1 Wp Adcenter | 2024-09-11 | N/A | 5.4 MEDIUM |
The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ad_alignment’ attribute in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-39627 | 1 Imagely | 1 Nextgen Gallery | 2024-09-11 | N/A | 4.8 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Imagely NextGEN Gallery allows Stored XSS.This issue affects NextGEN Gallery: from n/a through 3.59.3. | |||||
CVE-2024-39629 | 1 Themegrill | 1 Himalayas | 2024-09-11 | N/A | 4.8 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS.This issue affects Himalayas: from n/a through 1.3.2. | |||||
CVE-2024-39631 | 1 Contest-gallery | 1 Contest Gallery | 2024-09-11 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Contest Gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through 23.1.2. | |||||
CVE-2024-39643 | 1 Metagauss | 1 Registrationmagic | 2024-09-11 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms RegistrationMagic allows Stored XSS.This issue affects RegistrationMagic: from n/a through 6.0.0.1. | |||||
CVE-2024-39644 | 1 Modernaweb | 1 Black Widgets For Elementor | 2024-09-11 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.5. | |||||
CVE-2024-39646 | 1 Kunalnagar | 1 Custom 404 Pro | 2024-09-11 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kunal Nagar Custom 404 Pro allows Reflected XSS.This issue affects Custom 404 Pro: from n/a through 3.11.1. | |||||
CVE-2024-39647 | 1 Kofimokome | 1 Message Filter For Contact Form 7 | 2024-09-11 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kofi Mokome Message Filter for Contact Form 7 allows Reflected XSS.This issue affects Message Filter for Contact Form 7: from n/a through 1.6.1.1. | |||||
CVE-2024-6894 | 1 Rdstation | 1 Rd Station | 2024-09-11 | N/A | 5.4 MEDIUM |
The RD Station plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping of post metaboxes added by the plugin. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-8363 | 1 Share-this-image | 1 Share This Image | 2024-09-11 | N/A | 5.4 MEDIUM |
The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode in all versions up to, and including, 2.02 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-34831 | 2024-09-11 | N/A | 6.1 MEDIUM | ||
cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component. | |||||
CVE-2024-23906 | 2024-09-11 | N/A | 6.1 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation (CWE-79) in the Controller 6000 and Controller 7000 diagnostic webpage allows an attacker to modify Controller configuration during an authenticated Operator's session. This issue affects: Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 (MR2)), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 (MR4)), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 (MR5)), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 (MR6)), all versions of 8.70 and prior. | |||||
CVE-2024-6859 | 1 Ngothang | 1 Wp Multitasking | 2024-09-11 | N/A | 5.4 MEDIUM |
The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
CVE-2024-8572 | 1 Gouniverse | 1 Golang Cms | 2024-09-11 | 4.0 MEDIUM | 6.1 MEDIUM |
A vulnerability was found in Gouniverse GoLang CMS 1.4.0. It has been declared as problematic. This vulnerability affects the function PageRenderHtmlByAlias of the file FrontendHandler.go. The manipulation of the argument alias leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.4.1 is able to address this issue. The patch is identified as 3e661cdfb4beeb9fe2ad507cdb8104c0b17d072c. It is recommended to upgrade the affected component. |