Total: 28117 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-40602 | 1 Mediawiki | 1 Mediawiki | 2024-07-09 | N/A | 4.8 MEDIUM |
An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries. | |||||
CVE-2024-34481 | 1 Kontextwork | 1 Drupal Wiki | 2024-07-09 | N/A | 6.1 MEDIUM |
drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page. | |||||
CVE-2024-23998 | 1 Goanother | 1 Another Redis Desktop Manager | 2024-07-09 | N/A | 9.6 CRITICAL |
goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/components/Setting.vue. | |||||
CVE-2024-40605 | 1 Mediawiki | 1 Mediawiki | 2024-07-09 | N/A | 4.8 MEDIUM |
An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries. | |||||
CVE-2024-34105 | 1 Adobe | 3 Commerce, Commerce Webhooks, Magento | 2024-07-09 | N/A | 4.8 MEDIUM |
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2024-39203 | 1 Zblogcn | 1 Z-blogphp | 2024-07-09 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2023-44315 | 1 Siemens | 1 Sinec Nms | 2024-07-09 | N/A | 5.4 MEDIUM |
A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting (XSS) attack that may lead to unintentional modification of application data by legitimate users. | |||||
CVE-2022-29034 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-07-09 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks. | |||||
CVE-2024-6523 | 1 Zkteco | 1 Biotime | 2024-07-08 | 4.0 MEDIUM | 5.4 MEDIUM |
A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified as problematic. Affected is an unknown function of the component system-group-add Handler. The manipulation of the argument user with the input <script>alert('XSS')</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-270366 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-23997 | 1 Lukasbach | 1 Yana | 2024-07-08 | N/A | 9.6 CRITICAL |
Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts. | |||||
CVE-2024-29318 | 1 Personal-management-system | 1 Personal Management System | 2024-07-08 | N/A | 5.4 MEDIUM |
Volmarg Personal Management System 1.4.64 is vulnerable to stored cross site scripting (XSS) via upload of a SVG file with embedded javascript code. | |||||
CVE-2024-39308 | | | 2024-07-08 | N/A | 6.8 MEDIUM |
RailsAdmin is a Rails engine that provides an interface for managing data. The RailsAdmin list view has an XSS vulnerability caused by an improperly escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released). | |||||
CVE-2024-39174 | | | 2024-07-08 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Publish Article function of yzmcms v7.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article. | |||||
CVE-2024-6526 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2024-07-08 | 4.0 MEDIUM | 6.1 MEDIUM |
A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter-Bootstrap up to 1998845073cf433bc6c250b0354461fbd84d0e03. This affects an unknown part. The manipulation of the argument search_title/catName/sub/name/categorie leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 1b3da45308bb6c3f55247d0e99620b600bd85277. It is recommended to apply a patch to fix this issue. The identifier VDB-270369 was assigned to this vulnerability. | |||||
CVE-2024-3276 | 1 Fooplugins | 1 Foobox | 2024-07-08 | N/A | 4.8 MEDIUM |
The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2024-36997 | | | 2024-07-08 | N/A | 8.1 HIGH |
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit. | |||||
CVE-2024-34452 | | | 2024-07-08 | N/A | 6.1 MEDIUM |
CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG document. | |||||
CVE-2024-31839 | | | 2024-07-08 | N/A | 4.8 MEDIUM |
Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component. | |||||
CVE-2024-2234 | 1 2code | 1 Himer | 2024-07-08 | N/A | 5.4 MEDIUM |
The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2024-34349 | | | 2024-07-08 | N/A | 4.8 MEDIUM |
Sylius is an open source eCommerce platform. Prior to 1.12.16 and 1.13.1, it is possible to execute JavaScript code in the Admin panel. The XSS attack is performed by entering a script into the Name field of one of the following resources: Taxons, Products, Product Options or Product Variants. The code is executed when an autocomplete field for one of the listed entities is used in the Admin Panel, and also for taxons in the category tree on the product form. The issue is fixed in versions 1.12.16 and 1.13.1. | |||||