Total
28117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-33327 | 2024-07-11 | N/A | 6.1 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability in the component UrlAccessibilityEvaluation.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contentHtml parameter. | |||||
| CVE-2024-40729 | 1 Netbox | 1 Netbox | 2024-07-11 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/add/. | |||||
| CVE-2024-40728 | 1 Netbox | 1 Netbox | 2024-07-11 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/{id}/edit/. | |||||
| CVE-2024-40732 | 1 Netbox | 1 Netbox | 2024-07-11 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/add/. | |||||
| CVE-2024-40738 | 1 Netbox | 1 Netbox | 2024-07-11 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/{id}/edit/. | |||||
| CVE-2024-40737 | 1 Netbox | 1 Netbox | 2024-07-11 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add. | |||||
| CVE-2024-40741 | 1 Netbox | 1 Netbox | 2024-07-11 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/{id}/edit/. | |||||
| CVE-2024-1168 | 1 Seopress | 1 Seopress | 2024-07-11 | N/A | 5.4 MEDIUM |
| The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social image URL in all versions up to, and including, 7.9 due to insufficient input sanitization and output escaping on user supplied image URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-3558 | 1 Custom Field Suite Project | 1 Custom Field Suite | 2024-07-11 | N/A | 5.4 MEDIUM |
| The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_title]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-39595 | 2024-07-09 | N/A | 5.4 MEDIUM | ||
| SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user-controlled inputs, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows users to modify website content and on successful exploitation, an attacker can cause low impact to the confidentiality and integrity of the application. | |||||
| CVE-2024-37174 | 2024-07-09 | N/A | 6.1 MEDIUM | ||
| Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application. | |||||
| CVE-2024-39594 | 2024-07-09 | N/A | 6.1 MEDIUM | ||
| SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause low impact on the confidentiality and integrity of the application. | |||||
| CVE-2024-37173 | 2024-07-09 | N/A | 6.1 MEDIUM | ||
| Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application. | |||||
| CVE-2024-34685 | 2024-07-09 | N/A | 6.1 MEDIUM | ||
| Due to weak encoding of user-controlled input in SAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application but it has a low impact on its confidentiality and integrity. | |||||
| CVE-2024-21730 | 2024-07-09 | N/A | N/A | ||
| The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector. | |||||
| CVE-2024-21731 | 2024-07-09 | N/A | N/A | ||
| Improper handling of input could lead to an XSS vector in the StringHelper::truncate method. | |||||
| CVE-2024-21729 | 2024-07-09 | N/A | N/A | ||
| Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field. | |||||
| CVE-2024-40600 | 1 Mediawiki | 1 Mediawiki | 2024-07-09 | N/A | 4.8 MEDIUM |
| An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries. | |||||
| CVE-2024-40599 | 1 Mediawiki | 1 Mediawiki | 2024-07-09 | N/A | 4.8 MEDIUM |
| An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries. | |||||
| CVE-2024-40604 | 1 Mediawiki | 1 Mediawiki | 2024-07-09 | N/A | 4.8 MEDIUM |
| An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via MediaWiki:Nimbus-sidebar menu and submenu entries. | |||||