Search Results (47196 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-34686 1 Sap 1 Customer Relationship Management Webclient Ui 2024-11-21 6.1 Medium
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.
CVE-2024-34685 1 Sap 1 Netweaver Knowledge Management And Collaboration \(kmc-cm\) 2024-11-21 6.1 Medium
Due to weak encoding of user-controlled input in SAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application but it has a low impact on its confidentiality and integrity.
CVE-2024-34142 1 Adobe 2 Adobe Experience Manager, Experience Manager 2024-11-21 5.4 Medium
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-34141 1 Adobe 2 Adobe Experience Manager, Experience Manager 2024-11-21 5.4 Medium
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-34128 1 Adobe 1 Experience Manager 2024-11-21 5.4 Medium
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-34120 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 5.4 Medium
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-34119 1 Adobe 1 Experience Manager 2024-11-21 5.4 Medium
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-34105 1 Adobe 3 Commerce, Commerce Webhooks, Magento 2024-11-21 4.8 Medium
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-33933 1 Brainstormforce 1 Elementor - Header\, Footer \& Blocks Template 2024-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force, Nikhil Chavan Elementor – Header, Footer & Blocks Template allows DOM-Based XSS.This issue affects Elementor – Header, Footer & Blocks Template: from n/a through 1.6.35.
CVE-2024-33253 2 Gunet, Openeclass 2 Open Eclass Platform, Openeclass 2024-11-21 6 Medium
Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function.
CVE-2024-32464 1 Rubyonrails 1 Rails 2024-11-21 6.1 Medium
Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2.
CVE-2024-31971 1 Adtran 2 Netvanta 3120, Netvanta 3120 Firmware 2024-11-21 6.1 Medium
Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html, /NetworkMonitor.html, /trafficMonitoringConfig.html, and /wizardMain.html.
CVE-2024-31835 1 Flatpress 1 Flatpress 2024-11-21 4.7 Medium
Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter.
CVE-2024-31160 1 Asus 1 Download Master 2024-11-21 4.8 Medium
The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting attacks.
CVE-2024-31159 1 Asus 1 Download Master 2024-11-21 4.8 Medium
The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks.
CVE-2024-31138 1 Jetbrains 1 Teamcity 2024-11-21 4.6 Medium
In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings
CVE-2024-31137 1 Jetbrains 1 Teamcity 2024-11-21 6.8 Medium
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
CVE-2024-2762 1 Fooplugins 1 Foogallery 2024-11-21 6.3 Medium
The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin
CVE-2024-2640 1 Kibokolabs 1 Watu Quiz 2024-11-21 5.4 Medium
The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise and escape some of its settings, which could allow users such as authors (if they've been authorized by admins) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2024-2430 1 Matteoenna 1 Website Content In Page Or Post 2024-11-21 5.4 Medium
The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks