Search Results (47249 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-39863 1 Apache 1 Airflow 2024-11-21 5.4 Medium
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.
CVE-2024-39735 1 Ibm 2 Datacap, Datacap Navigator 2024-11-21 5.4 Medium
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 296002.
CVE-2024-39728 1 Ibm 2 Datacap, Datacap Navigator 2024-11-21 6.4 Medium
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 295967.
CVE-2024-39374 1 Markoni 4 Markoni-d \(compact\), Markoni-d \(compact\) Firmware, Markoni-dh \(exciter\+amplifiers\) and 1 more 2024-11-21 9.8 Critical
TELSAT marKoni FM Transmitters are vulnerable to an attacker exploiting a hidden admin account that can be accessed through the use of hard-coded credentials.
CVE-2024-39308 1 Rails Admin Project 1 Rails Admin 2024-11-21 5.4 Medium
RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released).
CVE-2024-39143 1 Coderberg 1 Residencecms 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside which acts as a stored XSS payload.
CVE-2024-39124 1 Roundup-tracker 1 Roundup 2024-11-21 6.1 Medium
In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.
CVE-2024-38972 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/.
CVE-2024-38786 1 Burgersoftwares 1 Cozipress 2024-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BurgerThemes CoziPress allows Stored XSS.This issue affects CoziPress: from n/a through 1.0.30.
CVE-2024-38784 1 Livemesh 1 Beaver Builder Addons 2024-11-21 5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Beaver Builder allows Stored XSS.This issue affects Livemesh Addons for Beaver Builder: from n/a through 3.6.1.
CVE-2024-38782 1 Mapsmarker 1 Leaflet Maps Marker 2024-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MapsMarker.Com e.U. Leaflet Maps Marker allows Stored XSS.This issue affects Leaflet Maps Marker: from n/a through 3.12.9.
CVE-2024-38521 1 Hushline 1 Hush Line 2024-11-21 8.8 High
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the `safe` Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0.
CVE-2024-38507 1 Jetbrains 1 Hub 2024-11-21 3.5 Low
In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible
CVE-2024-38493 1 Broadcom 1 Symantec Privileged Access Management 2024-11-21 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.
CVE-2024-38436 1 Commugen 1 Sox 365 2024-11-21 6.1 Medium
Commugen SOX 365 – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-38430 1 Matrix-globalservices 1 Tafnit 2024-11-21 5.4 Medium
Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-38354 1 Hackmd 1 Codimd 2024-11-21 8.1 High
CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This vulnerability is fixed in 2.5.4.
CVE-2024-38281 1 Motorola 2 Vigilant Fixed Lpr Coms Box, Vigilant Fixed Lpr Coms Box Firmware 2024-11-21 9.8 Critical
An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device.
CVE-2024-37958 1 Mekshq 1 Meks Smart Author Widget 2024-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Meks Meks Smart Author Widget allows Stored XSS.This issue affects Meks Smart Author Widget: from n/a through 1.1.4.
CVE-2024-37956 1 Vektor-inc 1 Vk All In One Expansion Unit 2024-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc. VK All in One Expansion Unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through 9.99.1.0.