Total
30580 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-33695 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode Fan Page Widget by ThemeNcode allows Stored XSS.This issue affects Fan Page Widget by ThemeNcode: from n/a through 2.0. | |||||
| CVE-2024-33694 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks ThemeForest Smart Widget allows Stored XSS.This issue affects Meks ThemeForest Smart Widget: from n/a through 1.5. | |||||
| CVE-2024-33693 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks Smart Social Widget allows Stored XSS.This issue affects Meks Smart Social Widget: from n/a through 1.6.4. | |||||
| CVE-2024-33692 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Satrya Smart Recent Posts Widget allows Stored XSS.This issue affects Smart Recent Posts Widget: from n/a through 1.0.3. | |||||
| CVE-2024-33670 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript due to Content Security Policy (CSP) restrictions, it may still impact the appearance and user interaction of the page. | |||||
| CVE-2024-33665 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be safe against XSS attacks. | |||||
| CVE-2024-33649 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpOpal Opal Widgets For Elementor allows Stored XSS.This issue affects Opal Widgets For Elementor: from n/a through 1.6.9. | |||||
| CVE-2024-33648 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wzy Media Recencio Book Reviews allows Stored XSS.This issue affects Recencio Book Reviews: from n/a through 1.66.0. | |||||
| CVE-2024-33645 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eftakhairul Islam & Sirajus Salayhin Easy Set Favicon allows Reflected XSS.This issue affects Easy Set Favicon: from n/a through 1.1. | |||||
| CVE-2024-33643 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey Lampert Advanced Most Recent Posts Mod allows Stored XSS.This issue affects Advanced Most Recent Posts Mod: from n/a through 1.6.5.2. | |||||
| CVE-2024-33642 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EkoJR Advanced Post List allows Stored XSS.This issue affects Advanced Post List: from n/a through 0.5.6.1. | |||||
| CVE-2024-33640 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LBell Pretty Google Calendar allows Stored XSS.This issue affects Pretty Google Calendar: from n/a through 1.7.2. | |||||
| CVE-2024-33639 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1. | |||||
| CVE-2024-33633 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Reflected XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. | |||||
| CVE-2024-33631 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Stored XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. | |||||
| CVE-2024-33630 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS.This issue affects Piotnet Addons For Elementor: from n/a through 2.4.26. | |||||
| CVE-2024-33604 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| A reflected cross-site scripting (XSS) vulnerability exist in undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2024-33598 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Annual Archive allows Stored XSS.This issue affects Annual Archive: from n/a through 1.6.0. | |||||
| CVE-2024-33571 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infomaniak Staff VOD Infomaniak allows Reflected XSS.This issue affects VOD Infomaniak: from n/a through 1.5.6. | |||||
| CVE-2024-33562 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore allows Reflected XSS.This issue affects XStore: from n/a through 9.3.5. | |||||