Total
251 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28832 | 2024-06-25 | N/A | 4.8 MEDIUM | ||
| Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings. | |||||
| CVE-2024-28831 | 2024-06-25 | N/A | 5.4 MEDIUM | ||
| Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up. | |||||
| CVE-2022-38055 | 1 Gvectors | 1 Wpforo Forum | 2024-06-24 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through 2.0.9. | |||||
| CVE-2024-6251 | 2024-06-24 | 3.3 LOW | 2.4 LOW | ||
| A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. Affected is an unknown function of the file /index.php?app=main&inc=feature_phonebook&op=phonebook_list of the component New Phonebook Handler. The manipulation of the argument name/email leads to basic cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-269418 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-6183 | 2024-06-20 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability classified as problematic has been found in EZ-Suite EZ-Partner 5. Affected is an unknown function of the component Forgot Password Handler. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. VDB-269154 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-5741 | 2024-06-17 | N/A | 6.5 MEDIUM | ||
| Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL) | |||||
| CVE-2024-5851 | 2024-06-13 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.8 is able to address this issue. The name of the patch is 7a88920f6b536c6a91512e739bcb4e8adefeed2b. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-267912. NOTE: The code maintainer was contacted early about this disclosure and was eager to prepare a fix as quickly as possible. | |||||
| CVE-2024-32464 | 1 Rubyonrails | 1 Rails | 2024-06-11 | N/A | 6.1 MEDIUM |
| Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2. | |||||
| CVE-2024-37166 | 2024-06-11 | N/A | 8.9 HIGH | ||
| ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated documentation to clarify that while ghtml escapes characters with special meaning in HTML, it does not provide comprehensive protection against all types of XSS attacks in every scenario. This aligns with the approach taken by other template engines. Developers should be cautious and take additional measures to sanitize user input and prevent potential vulnerabilities. Additionally, the backtick character (`) is now also escaped to prevent the creation of strings in most cases where a malicious actor somehow gains the ability to write JavaScript. This does not provide comprehensive protection either. | |||||
| CVE-2024-37156 | 2024-06-07 | N/A | 6.1 MEDIUM | ||
| The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerability is fixed in 2.5.3. | |||||
| CVE-2023-23735 | 2024-06-04 | N/A | 5.3 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through 2.3.0. | |||||
| CVE-2023-47513 | 2024-06-04 | N/A | 5.4 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in ARI Soft ARI Stream Quiz allows Code Injection.This issue affects ARI Stream Quiz: from n/a through 1.3.2. | |||||
| CVE-2023-46310 | 2024-06-04 | N/A | 5.3 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpDiscuz allows Code Injection.This issue affects wpDiscuz: from n/a through 7.6.10. | |||||
| CVE-2023-45635 | 2024-06-04 | N/A | 5.4 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WP Darko Responsive Tabs allows Code Injection.This issue affects Responsive Tabs: from n/a before 4.0.6. | |||||
| CVE-2023-39161 | 2024-06-04 | N/A | 5.4 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WP Discussion Board Discussion Board allows Content Spoofing, Cross-Site Scripting (XSS).This issue affects Discussion Board: from n/a through 2.4.8. | |||||
| CVE-2023-47663 | 2024-06-04 | N/A | 4.6 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Menno Luitjes Foyer allows Code Injection.This issue affects Foyer: from n/a through 1.7.5. | |||||
| CVE-2023-40557 | 2024-06-04 | N/A | 5.4 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in PickPlugins Tabs & Accordion allows Code Injection.This issue affects Tabs & Accordion: from n/a through 1.3.10. | |||||
| CVE-2023-45053 | 2024-06-04 | N/A | 4.3 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection.This issue affects WP Content Pilot – Autoblogging & Affiliate Marketing Plugin: from n/a through 1.3.3. | |||||
| CVE-2023-49852 | 2024-06-04 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vsourz Digital Responsive Slick Slider WordPress allows Code Injection.This issue affects Responsive Slick Slider WordPress: from n/a through 1.4. | |||||
| CVE-2023-48285 | 2024-06-04 | N/A | 5.3 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Tips and Tricks HQ Stripe Payments allows Code Injection.This issue affects Stripe Payments: from n/a through 2.0.79. | |||||