Total
30603 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-31361 | | | 2024-11-21 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bunny.Net allows Stored XSS. This issue affects bunny.Net: from n/a through 2.0.1. | |||||
CVE-2024-31357 | | | 2024-11-21 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.5.2. | |||||
CVE-2024-31349 | | | 2024-11-21 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailMunch – Grow your Email List allows Stored XSS. This issue affects MailMunch – Grow your Email List: from n/a through 3.1.6. | |||||
CVE-2024-31348 | | | 2024-11-21 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Testimonials allows Stored XSS. This issue affects Testimonials: from n/a through 3.0.5. | |||||
CVE-2024-31346 | | | 2024-11-21 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksmarket Gradient Text Widget for Elementor allows Stored XSS. This issue affects Gradient Text Widget for Elementor: from n/a through 1.0.1. | |||||
CVE-2024-31344 | | | 2024-11-21 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phpbits Creative Studio Easy Login Styler – White Label Admin Login Page for WordPress allows Stored XSS. This issue affects Easy Login Styler – White Label Admin Login Page for WordPress: from n/a through 1.0.6. | |||||
CVE-2024-31306 | | | 2024-11-21 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS. This issue affects Essential Blocks for Gutenberg: from n/a through 4.5.3. | |||||
CVE-2024-31258 | | | 2024-11-21 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micro.Company Form to Chat App allows Stored XSS. This issue affects Form to Chat App: from n/a through 1.1.6. | |||||
CVE-2024-31257 | | | 2024-11-21 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Formsite Formsite \| Embed online forms to collect orders, registrations, leads, and surveys allows Stored XSS. This issue affects Formsite \| Embed online forms to collect orders, registrations, leads, and surveys: from n/a through 1.6. | |||||
CVE-2024-31256 | | | 2024-11-21 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebinarPress allows Reflected XSS. This issue affects WebinarPress: from n/a through 1.33.10. | |||||
CVE-2024-31255 | | | 2024-11-21 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts allows Reflected XSS. This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. | |||||
CVE-2024-31236 | | | 2024-11-21 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a through 1.3.93. | |||||
CVE-2024-31204 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability resides in the exception handling mechanism, specifically when not operating in DEV_MODE. The system saves exception details into a session array without proper sanitization or encoding. These details are later rendered into HTML and executed in a JavaScript block within the user's browser, without adequate escaping of HTML entities. This flaw allows for Cross-Site Scripting (XSS) attacks, where attackers can inject malicious scripts into the admin panel by triggering exceptions with controlled input. The exploitation method involves using any function that might throw an exception with a user-controllable argument. This issue can lead to session hijacking and unauthorized administrative actions, posing a significant security risk. Version 2024-04 contains a fix for the issue. | |||||
CVE-2024-31160 | 1 Asus | 1 Download Master | 2024-11-21 | N/A | 4.8 MEDIUM |
The parameter used in a certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code into the parameter to conduct Stored Cross-site scripting attacks. | |||||
CVE-2024-31159 | 1 Asus | 1 Download Master | 2024-11-21 | N/A | 4.8 MEDIUM |
The parameter used in a certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code into the parameter to conduct Reflected Cross-site scripting attacks. | |||||
CVE-2024-31156 | | | 2024-11-21 | N/A | 8.0 HIGH |
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
CVE-2024-31138 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.6 MEDIUM |
In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings | |||||
CVE-2024-31137 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 6.8 MEDIUM |
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration | |||||
CVE-2024-31123 | | | 2024-11-21 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDorado SpiderFAQ allows Reflected XSS. This issue affects SpiderFAQ: from n/a through 1.3.2. | |||||
CVE-2024-31122 | | | 2024-11-21 | N/A | 5.8 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prism IT Systems User Rights Access Manager allows Reflected XSS. This issue affects User Rights Access Manager: from n/a through 1.1.2. | |||||