Total
28117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37624 | 1 Rockoa | 1 Rockoa | 2024-07-18 | N/A | 6.1 MEDIUM |
| Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php. component. | |||||
| CVE-2024-37625 | 1 Zhimengzhel | 1 Ibarn | 2024-07-18 | N/A | 6.1 MEDIUM |
| zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /index.php. | |||||
| CVE-2023-26913 | 1 Evolucare | 1 Ecs Imaging | 2024-07-18 | N/A | 6.1 MEDIUM |
| EVOLUCARE ECSIMAGING (aka ECS Imaging) < 6.21.5 is vulnerable to Cross Site Scripting (XSS) via new_movie. php. | |||||
| CVE-2018-16254 | 1 Soflyy | 1 Wp All Import | 2024-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator | |||||
| CVE-2024-4201 | 1 Gitlab | 1 Gitlab | 2024-07-18 | N/A | 4.4 MEDIUM |
| A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances. | |||||
| CVE-2024-35731 | 1 Wpmoose | 1 Kenta Blocks | 2024-07-18 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor allows Stored XSS.This issue affects Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor: from n/a through 1.3.9. | |||||
| CVE-2024-35681 | 1 Gvectors | 1 Wpdiscuz | 2024-07-18 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in gVectors Team wpDiscuz allows Stored XSS.This issue affects wpDiscuz: from n/a through 7.6.18. | |||||
| CVE-2022-3704 | 1 Rubyonrails | 1 Rails | 2024-07-18 | N/A | 5.4 MEDIUM |
| A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212319. NOTE: Maintainer declares that there isn’t a valid attack vector. The issue was wrongly reported as a security vulnerability by a non-member of the Rails team. | |||||
| CVE-2024-35687 | 1 Link Library Project | 1 Link Library | 2024-07-18 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library link-library allows Reflected XSS.This issue affects Link Library: from n/a through 7.6.3. | |||||
| CVE-2024-35688 | 1 Master-addons | 1 Master Addons | 2024-07-18 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through 2.0.5.9. | |||||
| CVE-2023-34941 | 1 Asus | 2 Rt-n10lx, Rt-n10lx Firmware | 2024-07-18 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-35859 | 1 Moderncampus | 1 Omni Cms | 2024-07-18 | N/A | 6.1 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters. | |||||
| CVE-2024-24885 | 1 Levantoan | 1 Woocommerce Vietnam Checkout | 2024-07-18 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lê V?n To?n Woocommerce Vietnam Checkout allows Stored XSS.This issue affects Woocommerce Vietnam Checkout: from n/a through 2.0.7. | |||||
| CVE-2024-4711 | 1 Connekthq | 1 Ajax Load More | 2024-07-18 | N/A | 5.4 MEDIUM |
| The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ajax_load_more shortcode in versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-35734 | 1 Codepeople | 1 Wp Time Slots Booking Form | 2024-07-18 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through 1.2.10. | |||||
| CVE-2024-35733 | 1 Richardlerma | 1 Auto Coupons For Woocommerce | 2024-07-18 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RLDD Auto Coupons for WooCommerce allows Reflected XSS.This issue affects Auto Coupons for WooCommerce: from n/a through 3.0.14. | |||||
| CVE-2024-35732 | 1 Yithemes | 1 Yith Custom Login | 2024-07-18 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH Custom Login allows Stored XSS.This issue affects YITH Custom Login: from n/a through 1.7.0. | |||||
| CVE-2024-4042 | 1 Pickplugins | 1 Comboblocks | 2024-07-18 | N/A | 5.4 MEDIUM |
| The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-6956 | 1 Getaawp | 1 Amazon Affiliates | 2024-07-18 | N/A | 6.1 MEDIUM |
| The EasyAzon – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘easyazon-cloaking-locale’ parameter in all versions up to, and including, 5.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2023-38255 | 1 Socomec | 2 Modulys Gp, Modulys Gp Firmware | 2024-07-18 | N/A | 6.1 MEDIUM |
| A potential attacker with or without (cookie theft) access to the device would be able to include malicious code (XSS) when uploading new device configuration that could affect the intended function of the device. | |||||