Total
28117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40873 | 2024-07-26 | N/A | 4.5 MEDIUM | ||
| There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.07. Attackers with system administrator permissions can interfere with another system administrator’s use of the publishing UI when the administrators are editing the same management object. The scope is unchanged, there is no loss of confidentiality. Impact to system availability is none, impact to system integrity is high. | |||||
| CVE-2024-6558 | 2024-07-26 | N/A | 6.3 MEDIUM | ||
| HMS Industrial Networks Anybus-CompactCom 30 products are vulnerable to a XSS attack caused by the lack of input sanitation checks. As a consequence, it is possible to insert HTML code into input fields and store the HTML code. The stored HTML code will be embedded in the page and executed by host browser the next time the page is loaded, enabling social engineering attacks. | |||||
| CVE-2024-41809 | 2024-07-26 | N/A | 7.2 HIGH | ||
| OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of `openobserve/web/src/views/MemberSubscription.vue`. Version 0.10.0 sanitizes incoming html. | |||||
| CVE-2024-28772 | 2024-07-26 | N/A | 6.8 MEDIUM | ||
| IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645. | |||||
| CVE-2024-41808 | 2024-07-26 | N/A | 8.8 HIGH | ||
| The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. It has been noted that the front-end uses `DOMPurify` or Vue templating to escape cross-site scripting (XSS) extensively, however certain areas of the front end lack this XSS protection. When combining the missing protection with the insecure authentication handling that the front-end uses, a malicious user may be able to take over any victim's account provided they meet the exploitation steps. As of time of publication, no patched version is available. | |||||
| CVE-2024-39031 | 2024-07-25 | N/A | 5.4 MEDIUM | ||
| In Silverpeas Core <= 6.3.5, in Mes Agendas, a user can create new events and add them to their calendar. Additionally, users can invite others from the same domain, including administrators, to these events. A standard user can inject an XSS payload into the "Titre" and "Description" fields when creating an event and then add the administrator or any user to the event. When the invited user (victim) views their own profile, the payload will be executed on their side, even if they do not click on the event. | |||||
| CVE-2024-37878 | 1 Twcms | 1 Twcms | 2024-07-25 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote attacker to execute arbitrary code via the /TWCMS-gh-pages/twcms/runtime/twcms_view/default,index.htm.php" PHP directly echoes parameters input from external sources | |||||
| CVE-2024-37223 | 1 Nicdarkthemes | 1 Restaurant Food | 2024-07-25 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nicdark Restaurant Reservations allows Stored XSS.This issue affects Restaurant Reservations: from n/a through 2.0. | |||||
| CVE-2024-37229 | 1 Auburnforest | 1 Blogmentor | 2024-07-25 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AuburnForest Blogmentor – Blog Layouts for Elementor allows Stored XSS.This issue affects Blogmentor – Blog Layouts for Elementor: from n/a through 1.5. | |||||
| CVE-2024-37239 | 1 Wpmudev | 1 Branda | 2024-07-25 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Branda allows Stored XSS.This issue affects Branda: from n/a through 3.4.17. | |||||
| CVE-2024-37221 | 1 Kimili | 1 Kimili Flash Embed | 2024-07-25 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Bester Kimili Flash Embed allows Stored XSS.This issue affects Kimili Flash Embed: from n/a through 2.5.3. | |||||
| CVE-2024-37219 | 1 Pagebuildersandwich | 1 Page Builder Sandwich | 2024-07-25 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PBN Hosting SL Page Builder Sandwich – Front-End Page Builder allows Stored XSS.This issue affects Page Builder Sandwich – Front-End Page Builder: from n/a through 5.1.0. | |||||
| CVE-2024-37217 | 1 Prowcplugins | 1 Empty Cart Button For Woocommerce | 2024-07-25 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ProWCPlugins Empty Cart Button for WooCommerce allows Stored XSS.This issue affects Empty Cart Button for WooCommerce: from n/a through 1.3.8. | |||||
| CVE-2024-37216 | 1 Generatewp | 1 Sketchfab Embed | 2024-07-25 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rami Yushuvaev Sketchfab Embed allows Stored XSS.This issue affects Sketchfab Embed: from n/a through 1.5. | |||||
| CVE-2024-37215 | 1 Creativeinteractivemedia | 1 Transition Slider | 2024-07-25 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in creativeinteractivemedia Transition Slider – Responsive Image Slider and Gallery allows Stored XSS.This issue affects Transition Slider – Responsive Image Slider and Gallery: from n/a through 2.20.3. | |||||
| CVE-2024-37211 | 1 Ali2woo | 1 Aliexpress Dropshipping With Alinext | 2024-07-25 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5. | |||||
| CVE-2024-37206 | 1 Theme4press | 1 Demo Awesome | 2024-07-25 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme4Press Demo Awesome allows Reflected XSS.This issue affects Demo Awesome: from n/a through 1.0.1. | |||||
| CVE-2024-37199 | 1 Kriesi | 1 Enfold | 2024-07-25 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kriesi.At Enfold allows Reflected XSS.This issue affects Enfold: from n/a through 5.6.9. | |||||
| CVE-2024-37122 | 1 Oxilab | 1 Accordions | 2024-07-25 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Accordions allows Stored XSS.This issue affects Accordions: from n/a through 2.3.5. | |||||
| CVE-2024-37121 | 1 Oxilab | 1 Shortcode Addons | 2024-07-25 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in biplob018 Shortcode Addons allows Stored XSS.This issue affects Shortcode Addons: from n/a through 3.2.5. | |||||