Total
30570 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40873 | 1 Absolute | 1 Secure Access | 2024-11-21 | N/A | 4.5 MEDIUM |
| There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.07. Attackers with system administrator permissions can interfere with another system administrator’s use of the publishing UI when the administrators are editing the same management object. The scope is unchanged, there is no loss of confidentiality. Impact to system availability is none, impact to system integrity is high. | |||||
| CVE-2024-40785 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2024-11-21 | N/A | 6.1 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack. | |||||
| CVE-2024-40742 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/add. | |||||
| CVE-2024-40741 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/{id}/edit/. | |||||
| CVE-2024-40740 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/{id}/edit/. | |||||
| CVE-2024-40739 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add. | |||||
| CVE-2024-40738 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/{id}/edit/. | |||||
| CVE-2024-40737 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add. | |||||
| CVE-2024-40736 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/add. | |||||
| CVE-2024-40735 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/{id}/edit/. | |||||
| CVE-2024-40734 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/add/. | |||||
| CVE-2024-40733 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/{id}/edit/. | |||||
| CVE-2024-40732 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/add/. | |||||
| CVE-2024-40731 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/{id}/edit/. | |||||
| CVE-2024-40730 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/{id}/edit/. | |||||
| CVE-2024-40729 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/add/. | |||||
| CVE-2024-40728 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/{id}/edit/. | |||||
| CVE-2024-40727 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/add/. | |||||
| CVE-2024-40726 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/{id}/edit/. | |||||
| CVE-2024-40690 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | N/A | 5.4 MEDIUM |
| IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 297720. | |||||