Total
30576 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-35640 | | | 2024-11-21 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tomas Cordero Safety Exit allows Stored XSS. This issue affects Safety Exit: from n/a through 1.7.0. | | | | | |
CVE-2024-35639 | | | 2024-11-21 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webliberty Simple Spoiler allows Stored XSS. This issue affects Simple Spoiler: from n/a through 1.2. | | | | | |
CVE-2024-35631 | | | 2024-11-21 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Foliovision FV Flowplayer Video Player allows Reflected XSS. This issue affects FV Flowplayer Video Player: from n/a through 7.5.45.7212. | | | | | |
CVE-2024-35627 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
tileserver-gl up to v4.4.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /data/v3/?key. | | | | | |
CVE-2024-35595 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
An arbitrary file upload vulnerability in the File Preview function of Xintongda OA v2023.12.30.1 allows attackers to execute arbitrary code via uploading a crafted PDF file. | | | | | |
CVE-2024-35592 | | | 2024-11-21 | N/A | 9.6 CRITICAL |
An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a crafted PDF file. | | | | | |
CVE-2024-35591 | | | 2024-11-21 | N/A | 5.4 MEDIUM |
An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file. | | | | | |
CVE-2024-35583 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Remarks input field. | | | | | |
CVE-2024-35582 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Department input field. | | | | | |
CVE-2024-35545 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
MAP-OS v4.45.0 and earlier was discovered to contain a cross-site scripting (XSS) vulnerability. | | | | | |
CVE-2024-35432 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. An authenticated user can inject malicious JavaScript code to trigger a Cross Site Scripting. | | | | | |
CVE-2024-35352 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. This vulnerability impacts unidentified code within the file /classes/Users.php?f=save. Manipulating the parameter middlename results in cross-site scripting. | | | | | |
CVE-2024-35351 | | | 2024-11-21 | N/A | 5.4 MEDIUM |
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. This vulnerability impacts unidentified code within the file /classes/SystemSettings.php?f=update_settings. Manipulating the parameter name results in cross-site scripting. | | | | | |
CVE-2024-35345 | | | 2024-11-21 | N/A | 5.4 MEDIUM |
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /classes/Users.php. Manipulating the argument id results in cross-site scripting. | | | | | |
CVE-2024-35302 | | | 2024-11-21 | N/A | 5.4 MEDIUM |
In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible | | | | | |
CVE-2024-35300 | | | 2024-11-21 | N/A | 3.5 LOW |
In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible | | | | | |
CVE-2024-35297 | | | 2024-11-21 | N/A | 4.7 MEDIUM |
Cross-site scripting vulnerability exists in WP Booking versions prior to 2.4.5. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product. | | | | | |
CVE-2024-35291 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross-site scripting vulnerability exists in Splunk Config Explorer versions prior to 1.7.16. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product. | | | | | |
CVE-2024-35283 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
A vulnerability in the Ignite component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a stored cross-site scripting (XSS) attack due to insufficient input validation. | | | | | |
CVE-2024-35267 | 1 Microsoft | 1 Azure Devops Server | 2024-11-21 | N/A | 7.6 HIGH |
Azure DevOps Server Spoofing Vulnerability |