Total
30576 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-50965 | 2024-11-22 | N/A | 5.4 MEDIUM | ||
| Cross Site Scripting vulnerability in Public Knowledge Project PKP Platform OJS/OMP/OPS- before v.3.3.0.16 allows an attacker to execute arbitrary code and escalate privileges via a crafted script | |||||
| CVE-2024-11493 | 1 115cms | 1 115cms | 2024-11-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in 115cms up to 20240807. This vulnerability affects unknown code of the file /index.php/setpage/admin/pageAE.html. The manipulation of the argument tid leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-11492 | 1 115cms | 1 115cms | 2024-11-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in 115cms up to 20240807. This affects an unknown part of the file /index.php/admin/web/appurladd.html. The manipulation of the argument tid leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-11490 | 1 115cms | 1 115cms | 2024-11-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in 115cms up to 20240807. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php/admin/web/set.html. The manipulation of the argument type leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-9851 | 1 Lightspeedwp | 1 Lsx Tour Operator | 2024-11-22 | N/A | 6.4 MEDIUM |
| The LSX Tour Operator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | |||||
| CVE-2024-52793 | 2024-11-22 | N/A | N/A | ||
| The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, `http/file-server`'s `serveDir` with `showDirListing: true` option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names. Exploitation might also be possible on other systems but less trivial due to e.g. lack of file name support for `<>` in Windows. Version 1.0.11 fixes the issue. | |||||
| CVE-2024-32770 | 2024-11-22 | N/A | 6.3 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 ( 2024/07/12 ) and later | |||||
| CVE-2024-32769 | 2024-11-22 | N/A | 6.3 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 ( 2024/07/12 ) and later | |||||
| CVE-2024-32768 | 2024-11-22 | N/A | 6.3 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 ( 2024/07/12 ) and later | |||||
| CVE-2024-32767 | 2024-11-22 | N/A | 6.3 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 ( 2024/07/12 ) and later | |||||
| CVE-2024-30951 | 2024-11-22 | N/A | 6.1 MEDIUM | ||
| FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php. | |||||
| CVE-2022-26324 | 2024-11-22 | N/A | 7.6 HIGH | ||
| Possible XSS in iManager URL for access Component has been discovered in OpenTextâ„¢ iManager 3.2.6.0000. | |||||
| CVE-2021-38134 | 2024-11-22 | N/A | 6.1 MEDIUM | ||
| Possible XSS in iManager URL for access Component has been discovered in OpenTextâ„¢ iManager 3.2.5.0000. | |||||
| CVE-2021-38119 | 2024-11-22 | N/A | 6.1 MEDIUM | ||
| Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager has been discovered in OpenTextâ„¢ iManager 3.2.4.0000. | |||||
| CVE-2024-7749 | 1 Remyandrade | 1 Accounts Manager App | 2024-11-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in SourceCodester Accounts Manager App 1.0. Affected is an unknown function of the file /endpoint/add-account.php. The manipulation of the argument account_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-32345 | 2024-11-22 | N/A | 7.2 HIGH | ||
| A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section. | |||||
| CVE-2024-29376 | 2024-11-22 | N/A | 6.4 MEDIUM | ||
| Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Province" field in Address Book. | |||||
| CVE-2024-7948 | 1 Remyandrade | 1 Accounts Manager App | 2024-11-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in SourceCodester Accounts Manager App 1.0. This vulnerability affects unknown code of the file update-account.php of the component Update Account Page. The manipulation of the argument Account Name/Username/Password/Link leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-28730 | 1 Dlink | 2 Dwr-2000m, Dwr-2000m Firmware | 2024-11-22 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module. | |||||
| CVE-2024-7660 | 1 Remyandrade | 1 File Manager App | 2024-11-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in SourceCodester File Manager App 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Add File Handler. The manipulation of the argument File Title/Uploaded By leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||