Total
30570 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-4302 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| Super 8 Live Chat online customer service platform fails to properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. When the message recipient views the message, they become susceptible to Cross-site Scripting (XSS) attacks. | |||||
| CVE-2024-4293 | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability classified as problematic was found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262225 was assigned to this vulnerability. | |||||
| CVE-2024-4270 | 1 Andibauer | 1 Svgmagic | 2024-11-21 | N/A | 5.4 MEDIUM |
| The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. | |||||
| CVE-2024-4268 | 1 Dotcamp | 1 Ultimate Blocks | 2024-11-21 | N/A | 6.4 MEDIUM |
| The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-4256 | 2024-11-21 | 3.3 LOW | 2.4 LOW | ||
| A vulnerability was found in Techkshetra Info Solutions Savsoft Quiz 6.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /public/index.php/Qbank/editCategory of the component Category Page. The manipulation of the argument category_name with the input ><script>alert('XSS')</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-4234 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sayful Islam Filterable Portfolio allows Stored XSS.This issue affects Filterable Portfolio: from n/a through 1.6.4. | |||||
| CVE-2024-4224 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| An authenticated stored cross-site scripting (XSS) exists in the TP-Link TL-SG1016DE affecting version TL-SG1016DE(UN) V7.6_1.0.0 Build 20230616, which could allow an adversary to run JavaScript in an administrator's browser. This issue was fixed in TL-SG1016DE(UN) V7_1.0.1 Build 20240628. | |||||
| CVE-2024-4216 | 2024-11-21 | N/A | 7.4 HIGH | ||
| pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to execute malicious script at the client end. | |||||
| CVE-2024-4212 | 1 Themesflat | 1 Themesflat Addons For Elementor | 2024-11-21 | N/A | 6.4 MEDIUM |
| The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TF Group Image, TF Nav Menu, TF Posts, TF Woo Product Grid, TF Accordion, and TF Image Box widgets in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-4201 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.4 MEDIUM |
| A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances. | |||||
| CVE-2024-4190 | 2024-11-21 | N/A | 8.1 HIGH | ||
| Stored Cross-Site Scripting (XSS) vulnerabilities have been identified in OpenText ArcSight Logger. The vulnerabilities could be remotely exploited. | |||||
| CVE-2024-4176 | 1 Trellix | 1 Xconsole | 2024-11-21 | N/A | 4.1 MEDIUM |
| An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim's browser for sending carefully crafted malicious links to the EDR XConsole end user. | |||||
| CVE-2024-4174 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server affecting version 2.0.15. This vulnerability could allow an attacker to execute malicious Javascript code on the client by injecting that code into the URL. | |||||
| CVE-2024-4149 | 1 Premio | 1 Floating Chat Widget | 2024-11-21 | N/A | 4.8 MEDIUM |
| The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-4105 | 2024-11-21 | N/A | 5.8 MEDIUM | ||
| A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product URL containing a malicious request, the malicious script may be executed on the client PC. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 CI Server R1.01.00 to R1.03.00 | |||||
| CVE-2024-4094 | 1 Sharethis | 1 Simple Share Buttons Adder | 2024-11-21 | N/A | 5.4 MEDIUM |
| The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2024-4077 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign allows Reflected XSS.This issue affects UDesign: from n/a through 4.7.3. | |||||
| CVE-2024-4075 | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability classified as problematic has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file login.php. The manipulation of the argument txtAddress leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261801 was assigned to this vulnerability. | |||||
| CVE-2024-4074 | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file prodInfo.php. The manipulation of the argument prodId leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261800. | |||||
| CVE-2024-4073 | 1 Aditya88 | 1 Online Furniture Shopping Ecommerce Website | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file prodList.php. The manipulation of the argument prodType leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261799. | |||||