Total
30576 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-39203 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2024-39174 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Publish Article function of yzmcms v7.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article. | |||||
CVE-2024-39143 | 1 Coderberg | 1 Residencecms | 2024-11-21 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside which acts as a stored XSS payload. | |||||
CVE-2024-39126 | 1 Roundup-tracker | 1 Roundup | 2024-11-21 | N/A | 5.4 MEDIUM |
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents. | |||||
CVE-2024-39125 | 1 Roundup-tracker | 1 Roundup | 2024-11-21 | N/A | 5.4 MEDIUM |
Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header. | |||||
CVE-2024-39124 | 1 Roundup-tracker | 1 Roundup | 2024-11-21 | N/A | 5.4 MEDIUM |
In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS. | |||||
CVE-2024-39123 | | | 2024-11-21 | N/A | 5.4 MEDIUM |
In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization. | |||||
CVE-2024-39031 | | | 2024-11-21 | N/A | 5.4 MEDIUM |
In Silverpeas Core <= 6.3.5, in Mes Agendas, a user can create new events and add them to their calendar. Additionally, users can invite others from the same domain, including administrators, to these events. A standard user can inject an XSS payload into the "Titre" and "Description" fields when creating an event and then add the administrator or any user to the event. When the invited user (victim) views their own profile, the payload will be executed on their side, even if they do not click on the event. | |||||
CVE-2024-38972 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/. | |||||
CVE-2024-38971 | 1 Vaethink | 1 Vaethink | 2024-11-21 | N/A | 5.4 MEDIUM |
vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting (XSS) in the system backend. | |||||
CVE-2024-38963 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
Nopcommerce 4.70.1 is vulnerable to Cross Site Scripting (XSS) via the combined "AddProductReview.Title" and "AddProductReview.ReviewText" parameter(s) (Reviews) when creating a new review. | |||||
CVE-2024-38959 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the string parameter. | |||||
CVE-2024-38953 | 1 Phpok | 1 Phpok | 2024-11-21 | N/A | 6.1 MEDIUM |
phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php file. | |||||
CVE-2024-38870 | | | 2024-11-21 | N/A | 3.5 LOW |
Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions before 128104, from 128151 before 128238, from 128247 before 128250 are vulnerable to a Stored XSS vulnerability in the reports module. | |||||
CVE-2024-38857 | | | 2024-11-21 | N/A | 4.3 MEDIUM |
Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks. | |||||
CVE-2024-38786 | 1 Burgersoftwares | 1 Cozipress | 2024-11-21 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BurgerThemes CoziPress allows Stored XSS. This issue affects CoziPress: from n/a through 1.0.30. | |||||
CVE-2024-38785 | 1 Jegstudio | 1 Gutenverse | 2024-11-21 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS. This issue affects Gutenverse: from n/a through 1.9.2. | |||||
CVE-2024-38784 | 1 Livemesh | 1 Beaver Builder Addons | 2024-11-21 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Beaver Builder allows Stored XSS. This issue affects Livemesh Addons for Beaver Builder: from n/a through 3.6.1. | |||||
CVE-2024-38782 | 1 Mapsmarker | 1 Leaflet Maps Marker | 2024-11-21 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MapsMarker.Com e.U. Leaflet Maps Marker allows Stored XSS. This issue affects Leaflet Maps Marker: from n/a through 3.12.9. | |||||
CVE-2024-38781 | 1 Artistscope | 1 Copysafe Web Protection | 2024-11-21 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArtistScope CopySafe Web Protection allows Reflected XSS. This issue affects CopySafe Web Protection: from n/a through 3.15. |