Total: 30576 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2024-40730 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/{id}/edit/. |
| CVE-2024-40729 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/add/. |
| CVE-2024-40728 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/{id}/edit/. |
| CVE-2024-40727 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/add/. |
| CVE-2024-40726 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/{id}/edit/. |
| CVE-2024-40690 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | N/A | 5.4 MEDIUM | IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 297720. |
| CVE-2024-40631 | | | 2024-11-21 | N/A | 8.1 HIGH | Plate media is an open source, rich-text editor for React. Editors that use `MediaEmbedElement` and pass custom `urlParsers` to the `useMediaState` hook may be vulnerable to XSS if a custom parser allows `javascript:`, `data:` or `vbscript:` URLs to be embedded. Editors that do not use `urlParsers` and consume the `url` property directly may also be vulnerable if the URL is not sanitised. The default parsers `parseTwitterUrl` and `parseVideoUrl` are not affected. `@udecode/plate-media` 36.0.10 resolves this issue by only allowing HTTP and HTTPS URLs during parsing. This affects only the `embed` property returned from `useMediaState`. In addition, the `url` property returned from `useMediaState` has been renamed to `unsafeUrl` to indicate that it has not been sanitised. The `url` property on `element` is also unsafe, but has not been renamed. If you're using either of these properties directly, you will still need to validate the URL yourself. Users are advised to upgrade. Users unable to upgrade should ensure that any custom `urlParsers` do not allow `javascript:`, `data:` or `vbscript:` URLs to be returned in the `url` property of their return values. If `url` is consumed directly, validate the URL protocol before passing it to the `iframe` element. |
| CVE-2024-40626 | | | 2024-11-21 | N/A | 7.3 HIGH | Outline is an open source, collaborative document editor. A type confusion issue was found in ProseMirror's rendering process that leads to a Stored Cross-Site Scripting (XSS) vulnerability in Outline. An authenticated user can create a document containing a malicious JavaScript payload. When other users view this document, the malicious JavaScript can execute in the origin of Outline. Outline includes CSP rules to prevent third-party code execution, however in the case of self-hosting and having your file storage on the same domain as Outline a malicious payload can be uploaded as a file attachment and bypass those CSP restrictions. This issue has been addressed in release version 0.77.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| CVE-2024-40618 | | | 2024-11-21 | N/A | 9.6 CRITICAL | Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension. |
| CVE-2024-40605 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 4.8 MEDIUM | An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries. |
| CVE-2024-40604 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 4.8 MEDIUM | An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Nimbus-sidebar menu and submenu entries. |
| CVE-2024-40602 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 4.8 MEDIUM | An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries. |
| CVE-2024-40600 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 4.8 MEDIUM | An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries. |
| CVE-2024-40599 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 4.8 MEDIUM | An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries. |
| CVE-2024-40576 | | | 2024-11-21 | N/A | 4.7 MEDIUM | Cross Site Scripting vulnerability in Best House Rental Management System 1.0 allows a remote attacker to execute arbitrary code via the "House No" and "Description" parameters in the houses page at the index.php component. |
| CVE-2024-40492 | | | 2024-11-21 | N/A | 7.1 HIGH | Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a remote attacker to execute arbitrary code via the setname function. |
| CVE-2024-40347 | 1 Hyland | 1 Alfresco Content Services | 2024-11-21 | N/A | 6.1 MEDIUM | A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid. |
| CVE-2024-40336 | | | 2024-11-21 | N/A | 6.1 MEDIUM | idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.' |
| CVE-2024-40333 | | | 2024-11-21 | N/A | 8.8 HIGH | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=del&dataID=2 |
| CVE-2024-40101 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 6.1 MEDIUM | A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter. |