Total
36252 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34444 | 1 Combodo | 1 Itop | 2024-11-06 | N/A | 6.1 MEDIUM |
| Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.searchform.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-34443 | 1 Combodo | 1 Itop | 2024-11-06 | N/A | 6.1 MEDIUM |
| Combodo iTop is a simple, web based IT Service Management tool. When displaying page Run queries Cross-site Scripting (XSS) are possible for scripts outside of script tags. This has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-48059 | 2024-11-05 | N/A | 6.1 MEDIUM | ||
| gaizhenbiao/chuanhuchatgpt project, version <=20240802 is vulnerable to stored Cross-Site Scripting (XSS) in WebSocket session transmission. An attacker can inject malicious content into a WebSocket message. When a victim accesses this session, the malicious JavaScript is executed in the victim's browser. | |||||
| CVE-2024-45366 | 2024-11-05 | N/A | 6.1 MEDIUM | ||
| Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser. | |||||
| CVE-2024-24510 | 2024-11-05 | N/A | 6.1 MEDIUM | ||
| Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function to the mail component. | |||||
| CVE-2024-10743 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been classified as problematic. Affected is an unknown function of the file /shopping/admin/assets/plugins/DataTables/examples/examples_support/editable_ajax.php. The manipulation of the argument value leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10744 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/complex_header_2.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10745 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/deferred_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10746 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. This affects an unknown part of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data.php. The manipulation of the argument scripts leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10747 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_th.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10754 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dymanic_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10755 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. Affected is an unknown function of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/empty_table.php. The manipulation of the argument scripts leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10756 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/html_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10757 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Shopping Portal 2.0. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/js_data.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-47801 | 2 Sharp, Toshibatec | 640 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 637 more | 2024-11-05 | N/A | 6.1 MEDIUM |
| Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser. | |||||
| CVE-2024-48870 | 2 Sharp, Toshibatec | 640 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 637 more | 2024-11-05 | N/A | 4.8 MEDIUM |
| Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users. | |||||
| CVE-2024-48057 | 2024-11-05 | N/A | 6.1 MEDIUM | ||
| localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage. | |||||
| CVE-2024-10342 | 1 Tezzeract | 1 League Of Legends Shortcodes | 2024-11-05 | N/A | 5.4 MEDIUM |
| The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-10150 | 1 Bamazoo | 1 Button Generator | 2024-11-05 | N/A | 5.4 MEDIUM |
| The Bamazoo – Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-9607 | 1 10web | 1 10web Social Post Feed | 2024-11-05 | N/A | 6.1 MEDIUM |
| The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Please note this is only exploitable when the leave a review notice is present. | |||||