Total
30580 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-33554 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core allows Reflected XSS.This issue affects XStore Core: from n/a through 5.3.5. | |||||
| CVE-2024-33548 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team WZone allows Reflected XSS.This issue affects WZone: from n/a through 14.0.10. | |||||
| CVE-2024-33540 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGrill ColorNews allows Stored XSS.This issue affects ColorNews: from n/a through 1.2.6. | |||||
| CVE-2024-33539 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Addons for Elementor (Templates, Widgets) allows Stored XSS.This issue affects WPZOOM Addons for Elementor (Templates, Widgets): from n/a through 1.1.35. | |||||
| CVE-2024-33537 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Horse WP Portfolio allows Stored XSS.This issue affects WP Portfolio: from n/a through 2.4. | |||||
| CVE-2024-33528 | 2024-11-21 | N/A | 4.7 MEDIUM | ||
| A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file upload. | |||||
| CVE-2024-33527 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Users and login name of user" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload. | |||||
| CVE-2024-33526 | 2024-11-21 | N/A | 7.1 HIGH | ||
| A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload. | |||||
| CVE-2024-33525 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.29 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload. | |||||
| CVE-2024-33465 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the the thumb/thumb.php component. | |||||
| CVE-2024-33424 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section. | |||||
| CVE-2024-33401 | 2024-11-21 | N/A | N/A | ||
| Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to run arbitrary code via the mnum parameter. | |||||
| CVE-2024-33371 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to execute arbitrary code via the typeid parameter in the makehtml_list_action.php component. | |||||
| CVE-2024-33338 | 2024-11-21 | N/A | 7.3 HIGH | ||
| Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request. | |||||
| CVE-2024-33327 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability in the component UrlAccessibilityEvaluation.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contentHtml parameter. | |||||
| CVE-2024-33326 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter. | |||||
| CVE-2024-33306 | 2024-11-21 | N/A | 7.4 HIGH | ||
| SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" parameter in Create User. | |||||
| CVE-2024-33305 | 2024-11-21 | N/A | N/A | ||
| SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Middle Name" parameter in Create User. | |||||
| CVE-2024-33304 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" under Add Users. | |||||
| CVE-2024-33303 | 2024-11-21 | N/A | 8.2 HIGH | ||
| SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" under Add Users. | |||||