Total
36252 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-47765 | 1 Jgniecki | 1 Minecraft Motd Parser | 2024-11-13 | N/A | 6.1 MEDIUM |
| Minecraft MOTD Parser is a PHP library to parse minecraft server motd. The HtmlGenerator class is subject to potential cross-site scripting (XSS) attack through a parsed malformed Minecraft server MOTD. The HtmlGenerator iterates through objects of MotdItem that are contained in an object of MotdItemCollection to generate a HTML string. An attacker can make malicious inputs to the color and text properties of MotdItem to inject own HTML into a web page during web page generation. For example by sending a malicious MOTD from a Minecraft server under their control that was queried and passed to the HtmlGenerator. This XSS vulnerability exists because the values of these properties are neither filtered nor escaped. This vulnerability is fixed in 1.0.6. | |||||
| CVE-2024-51213 | 2024-11-12 | N/A | 6.1 MEDIUM | ||
| Cross Site Scripting vulnerability in Online Shop Store v.1.0 allows a remote attacker to execute arbitrary code via the login.php component. | |||||
| CVE-2024-51026 | 2024-11-12 | N/A | 5.4 MEDIUM | ||
| The NetAdmin IAM system (version 4.0.30319) has a Cross Site Scripting (XSS) vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= field. | |||||
| CVE-2024-51135 | 2024-11-12 | N/A | 9.8 CRITICAL | ||
| An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities. | |||||
| CVE-2024-50601 | 2024-11-12 | N/A | 6.1 MEDIUM | ||
| Persistent and reflected XSS vulnerabilities in the themeMode cookie and _h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary Javascript. Exploitation could lead to session hijacking, data leakage, and further exploitation via a multi-stage attack. Fixed in versions 10.3.3.67, 10.4.42, and 10.5.29. | |||||
| CVE-2024-51782 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sanjaysolutions Loginplus allows Stored XSS.This issue affects Loginplus: from n/a through 1.2. | |||||
| CVE-2024-51612 | 2024-11-12 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ken Charity Reftagger Shortcode allows Stored XSS.This issue affects Reftagger Shortcode: from n/a through 1.1. | |||||
| CVE-2024-51717 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Perception System Ajax Content Filter allows Reflected XSS.This issue affects Ajax Content Filter: from n/a through 1.0. | |||||
| CVE-2024-51694 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Digfish Geotagged Media allows Reflected XSS.This issue affects Geotagged Media: from n/a through 0.3.0. | |||||
| CVE-2024-51676 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Delicious Delisho allows Reflected XSS.This issue affects Delisho: from n/a through 1.0.6. | |||||
| CVE-2024-51719 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kevin Walker, Roman Peterhans Simplistic SEO allows Reflected XSS.This issue affects Simplistic SEO: from n/a through 2.3.0. | |||||
| CVE-2024-51778 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Starfish Reviews Satisfaction Reports from Help Scout allows Reflected XSS.This issue affects Satisfaction Reports from Help Scout: from n/a through 2.0.3. | |||||
| CVE-2024-51695 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fabrica Fabrica Synced Pattern Instances allows Reflected XSS.This issue affects Fabrica Synced Pattern Instances: from n/a through 1.0.8. | |||||
| CVE-2024-51629 | 2024-11-12 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MetricThemes Header Footer Composer for Elementor allows DOM-Based XSS.This issue affects Header Footer Composer for Elementor: from n/a through 1.0.4. | |||||
| CVE-2024-51713 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TRe Technology And Research S.R.L HQ60 Fidelity Card allows Reflected XSS.This issue affects HQ60 Fidelity Card: from n/a through 1.8. | |||||
| CVE-2024-51759 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Detlef Beyer SVT Simple allows Reflected XSS.This issue affects SVT Simple: from n/a through 1.0.1. | |||||
| CVE-2024-51711 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in saragna Saragna allows Reflected XSS.This issue affects Saragna: from n/a through 1.0. | |||||
| CVE-2024-51714 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Syed Umair Hussain Shah User Password Reset allows Reflected XSS.This issue affects User Password Reset: from n/a through 1.0. | |||||
| CVE-2024-51712 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Visser Labs Jigoshop – Store Toolkit allows Reflected XSS.This issue affects Jigoshop – Store Toolkit: from n/a through 1.4.0. | |||||
| CVE-2024-51709 | 2024-11-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Marian Dietz TeleAdmin allows Reflected XSS.This issue affects TeleAdmin: from n/a through 1.0.0. | |||||