Total
30576 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37859 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php. | |||||
| CVE-2024-37856 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page. | |||||
| CVE-2024-37828 | 2024-11-21 | N/A | 4.8 MEDIUM | ||
| A stored cross-site scripting (XSS) in Vermeg Agile Reporter v23.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field under the Set Broadcast Message module. | |||||
| CVE-2024-37803 | 1 Health Care Hospital Management System Project | 1 Health Care Hospital Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
| Multiple stored cross-site scripting (XSS) vulnerabilities in CodeProjects Health Care hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname and lname parameters under the Staff Info page. | |||||
| CVE-2024-37800 | 1 Health Care Hospital Management System Project | 1 Health Care Hospital Management System | 2024-11-21 | N/A | 6.1 MEDIUM |
| CodeProjects Restaurant Reservation System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Date parameter at index.php. | |||||
| CVE-2024-37798 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input field. | |||||
| CVE-2024-37764 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| MachForm up to version 19 is affected by an authenticated stored cross-site scripting. | |||||
| CVE-2024-37763 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting which affects users with valid sessions whom can view compiled forms results. | |||||
| CVE-2024-37741 | 1 Openplcproject | 2 Openplc V3, Openplc V3 Firmware | 2024-11-21 | N/A | 5.4 MEDIUM |
| OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture. | |||||
| CVE-2024-37732 | 1 Anchorcms | 1 Anchor Cms | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file. | |||||
| CVE-2024-37680 | 1 Finesoft Project | 1 Finesoft | 2024-11-21 | N/A | 6.1 MEDIUM |
| Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the URL:weburl. | |||||
| CVE-2024-37679 | 1 Finesoft Project | 1 Finesoft | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp parameter. | |||||
| CVE-2024-37675 | 1 Tessi | 1 Docubase | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded file. | |||||
| CVE-2024-37674 | 2024-11-21 | N/A | 5.5 MEDIUM | ||
| Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity. | |||||
| CVE-2024-37673 | 1 Tessi | 1 Docubase | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename parameter. | |||||
| CVE-2024-37672 | 1 Tessi | 1 Docubase | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the idactivity parameter. | |||||
| CVE-2024-37671 | 1 Tessi | 1 Docubase | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the page parameter. | |||||
| CVE-2024-37629 | 1 Summernote | 1 Summernote | 2024-11-21 | N/A | 6.1 MEDIUM |
| SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View Function. | |||||
| CVE-2024-37625 | 1 Zhimengzhel | 1 Ibarn | 2024-11-21 | N/A | 6.1 MEDIUM |
| zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /index.php. | |||||
| CVE-2024-37624 | 1 Rockoa | 1 Xinhu | 2024-11-21 | N/A | 6.1 MEDIUM |
| Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php. component. | |||||