Export limit exceeded: 47084 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47084 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-7163 1 Seacms 1 Seacms 2024-11-21 3.5 Low
A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. This affects an unknown part of the file /js/player/dmplayer/player/index.php. The manipulation of the argument color/vid/url leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272577 was assigned to this vulnerability.
CVE-2024-7162 1 Seacms 1 Seacms 2024-11-21 3.5 Low
A vulnerability, which was classified as problematic, has been found in SeaCMS 12.9/13.0. Affected by this issue is some unknown functionality of the file js/player/dmplayer/admin/post.php?act=setting. The manipulation of the argument yzm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272576.
CVE-2024-7155 1 Totolink 2 A3300r, A3300r Firmware 2024-11-21 2.5 Low
A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-272569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7127 1 Stackposts 1 Social Marketing Tool 2024-11-21 6.1 Medium
Improper Neutralization of Input During Web Page Generation vulnerability in Stackposts Social Marketing Tool allows Cross-site Scripting (XSS) attack. By submitting the payload in the username during registration, it can be executed later in the application panel. This could lead to the unauthorised acquisition of information (e.g. cookies from a logged-in user). After multiple attempts to contact the vendor we did not receive any answer. Our team has confirmed the existence of this vulnerability. We suppose this issue affects Social Marketing Tool in all versions.
CVE-2024-7047 1 Gitlab 1 Gitlab 2024-11-21 7.7 High
A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user.
CVE-2024-6955 1 Jkev 1 Record Management System 2024-11-21 3.5 Low
A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file sort2.php. The manipulation of the argument qualification leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272076.
CVE-2024-6954 1 Jkev 1 Record Management System 2024-11-21 3.5 Low
A vulnerability was found in SourceCodester Record Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file sort1.php. The manipulation of the argument position leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272077 was assigned to this vulnerability.
CVE-2024-6939 1 Xinhu 1 Rockoa 2024-11-21 3.5 Low
A vulnerability was found in Xinhu RockOA 2.6.3 and classified as problematic. Affected by this issue is the function okla of the file /webmain/public/upload/tpl_upload.html. The manipulation of the argument callback leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271994 is the identifier assigned to this vulnerability.
CVE-2024-6935 1 Formtools 1 Form Tools 2024-11-21 2.4 Low
A vulnerability classified as problematic was found in formtools.org Form Tools 3.1.1. This vulnerability affects unknown code of the file /admin/clients/ of the component User Settings Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-6934 1 Formtools 1 Form Tools 2024-11-21 2.4 Low
A vulnerability classified as problematic has been found in formtools.org Form Tools 3.1.1. This affects an unknown part of the file /admin/forms/add/step2.php?submission_type=direct. The manipulation of the argument Form URL leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271989 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-6932 1 Classcms Project 1 Classcms 2024-11-21 3.5 Low
A vulnerability was found in ClassCMS 4.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/?action=home&do=shop:index&keyword=&kind=all. The manipulation of the argument order leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271987.
CVE-2024-6907 1 Jkev 1 Record Management System 2024-11-21 3.5 Low
A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file sort.php. The manipulation of the argument sort leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271932.
CVE-2024-6892 1 Journyx 1 Journyx 2024-11-21 6.1 Medium
Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application.
CVE-2024-6890 1 Journyx 1 Journyx 2024-11-21 8.8 High
Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password.
CVE-2024-6742 1 Space Management System Project 1 Space Management System 2024-11-21 5.4 Medium
AguardNet Technology's Space Management System does not properly filter user input, allowing remote attackers with regular privileges to inject JavaScript and perform Reflected Cross-site scripting attacks.
CVE-2024-6740 1 Openfind 1 Mail2000 2024-11-21 6.1 Medium
Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks.
CVE-2024-6706 2 Debian, Openwebui 2 Debian Linux, Open Webui 2024-11-21 6.3 Medium
Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page.
CVE-2024-6650 1 Oretnom23 1 Employee And Visitor Gate Pass Logging System 2024-11-21 2.4 Low
A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this issue is the function save_designation of the file /classes/Master.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271058 is the identifier assigned to this vulnerability.
CVE-2024-6578 1 Aimstack 1 Aim 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the `dangerouslySetInnerHTML` function in React, which is susceptible to XSS attacks. An attacker can exploit this vulnerability by injecting malicious scripts into the logs, which will be executed when a user views the logs-tab.
CVE-2024-6540 1 Otrs 1 Otrs 2024-11-21 5.7 Medium
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator. This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x