Export limit exceeded: 47058 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47058 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39143 | 1 Coderberg | 1 Residencecms | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside which acts as a stored XSS payload. | ||||
| CVE-2024-39124 | 1 Roundup-tracker | 1 Roundup | 2024-11-21 | 6.1 Medium |
| In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS. | ||||
| CVE-2024-38972 | 1 Netbox | 1 Netbox | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/. | ||||
| CVE-2024-38786 | 1 Burgersoftwares | 1 Cozipress | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BurgerThemes CoziPress allows Stored XSS.This issue affects CoziPress: from n/a through 1.0.30. | ||||
| CVE-2024-38784 | 1 Livemesh | 1 Beaver Builder Addons | 2024-11-21 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Beaver Builder allows Stored XSS.This issue affects Livemesh Addons for Beaver Builder: from n/a through 3.6.1. | ||||
| CVE-2024-38782 | 1 Mapsmarker | 1 Leaflet Maps Marker | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MapsMarker.Com e.U. Leaflet Maps Marker allows Stored XSS.This issue affects Leaflet Maps Marker: from n/a through 3.12.9. | ||||
| CVE-2024-38521 | 1 Hushline | 1 Hush Line | 2024-11-21 | 8.8 High |
| Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the `safe` Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0. | ||||
| CVE-2024-38507 | 1 Jetbrains | 1 Hub | 2024-11-21 | 3.5 Low |
| In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible | ||||
| CVE-2024-38493 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI. | ||||
| CVE-2024-38436 | 1 Commugen | 1 Sox 365 | 2024-11-21 | 6.1 Medium |
| Commugen SOX 365 – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2024-38430 | 1 Matrix-globalservices | 1 Tafnit | 2024-11-21 | 5.4 Medium |
| Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2024-38354 | 1 Hackmd | 1 Codimd | 2024-11-21 | 8.1 High |
| CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This vulnerability is fixed in 2.5.4. | ||||
| CVE-2024-38281 | 1 Motorola | 2 Vigilant Fixed Lpr Coms Box, Vigilant Fixed Lpr Coms Box Firmware | 2024-11-21 | 9.8 Critical |
| An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device. | ||||
| CVE-2024-37958 | 1 Mekshq | 1 Meks Smart Author Widget | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Meks Meks Smart Author Widget allows Stored XSS.This issue affects Meks Smart Author Widget: from n/a through 1.1.4. | ||||
| CVE-2024-37956 | 1 Vektor-inc | 1 Vk All In One Expansion Unit | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc. VK All in One Expansion Unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through 9.99.1.0. | ||||
| CVE-2024-37955 | 1 Makegutenblock | 1 Gutslider | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zakaria Binsaifullah GutSlider – All in One Block Slider allows Stored XSS.This issue affects GutSlider – All in One Block Slider: from n/a through 2.7.3. | ||||
| CVE-2024-37954 | 1 Marcelotorres | 1 Simple Responsive Slider | 2024-11-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in marcelotorres Simple Responsive Slider allows Reflected XSS.This issue affects Simple Responsive Slider: from n/a through 0.2.2.5. | ||||
| CVE-2024-37888 | 1 Mlewand | 1 Open Link | 2024-11-21 | 6.1 Medium |
| The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version < **1.0.5**. | ||||
| CVE-2024-37856 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page. | ||||
| CVE-2024-37800 | 2 Code-projects, Health Care Hospital Management System Project | 2 Restaurant Reservation System, Health Care Hospital Management System | 2024-11-21 | 6.1 Medium |
| CodeProjects Restaurant Reservation System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Date parameter at index.php. | ||||