Total
35918 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43961 | 1 Azurecurve | 1 Toggle Show\/hide | 2024-09-05 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in azurecurve azurecurve Toggle Show/Hide allows Stored XSS.This issue affects azurecurve Toggle Show/Hide: from n/a through 2.1.3. | |||||
| CVE-2024-7077 | 1 Semtekyazilim | 1 Semtek Sempos | 2024-09-05 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Reflected XSS.This issue affects Semtek Sempos: through 31072024. | |||||
| CVE-2024-8411 | 1 Abcd-community | 1 Abcd | 2024-09-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in ABCD ABCD2 up to 2.2.0-beta-1. This issue affects some unknown processing of the file /buscar_integrada.php. The manipulation of the argument Sub_Expresion leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7654 | 1 Progress | 1 Openedge | 2024-09-05 | N/A | 6.1 MEDIUM |
| An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other types of attack that could spoof or deceive web interface users. Unauthorized use of the OEE/OEM discovery service was remediated by deactivating the discovery service by default. | |||||
| CVE-2024-43359 | 1 Zoneminder | 1 Zoneminder | 2024-09-04 | N/A | 6.1 MEDIUM |
| ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61. | |||||
| CVE-2024-43358 | 1 Zoneminder | 1 Zoneminder | 2024-09-04 | N/A | 6.1 MEDIUM |
| ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. This vulnerability is fixed in 1.36.34 and 1.37.61. | |||||
| CVE-2024-44820 | 1 Zzcms | 1 Zzcms | 2024-09-04 | N/A | 6.1 MEDIUM |
| A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the eginfo.php file located at /3/E_bak5.1/upload/. When accessed with the query parameter phome=ShowPHPInfo, the application executes the phpinfo() function, which exposes detailed information about the PHP environment, including server configuration, loaded modules, and environment variables. | |||||
| CVE-2024-45046 | 1 Phpoffice | 1 Phpspreadsheet | 2024-09-04 | N/A | 5.4 MEDIUM |
| PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. In affected versions `\PhpOffice\PhpSpreadsheet\Writer\Html` doesn't sanitize spreadsheet styling information such as font names, allowing an attacker to inject arbitrary JavaScript on the page. As a result an attacker may used a crafted spreadsheet to fully takeover a session of a user viewing spreadsheet files as HTML. This issue has been addressed in release version 2.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-8328 | 1 Easy Test Online Learning And Testing Platform Project | 1 Easy Test Online Learning And Testing Platform | 2024-09-04 | N/A | 5.4 MEDIUM |
| Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary JavaScript code and perform Reflected Cross-site scripting attacks. | |||||
| CVE-2024-41371 | 1 Organizr | 1 Organizr | 2024-09-04 | N/A | 6.1 MEDIUM |
| Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php. | |||||
| CVE-2024-41351 | 1 Baijunyao | 1 Bjyadmin | 2024-09-04 | N/A | 6.1 MEDIUM |
| bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/getContent.php | |||||
| CVE-2024-41350 | 1 Baijunyao | 1 Bjyadmin | 2024-09-04 | N/A | 6.1 MEDIUM |
| bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/imageUp.php | |||||
| CVE-2024-41348 | 1 Jpatokal | 1 Openflights | 2024-09-04 | N/A | 6.1 MEDIUM |
| openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php | |||||
| CVE-2024-41347 | 1 Jpatokal | 1 Openflights | 2024-09-04 | N/A | 6.1 MEDIUM |
| openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php | |||||
| CVE-2024-41346 | 1 Jpatokal | 1 Openflights | 2024-09-04 | N/A | 5.4 MEDIUM |
| openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php | |||||
| CVE-2024-44920 | 1 Seacms | 1 Seacms | 2024-09-04 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter. | |||||
| CVE-2024-8004 | 1 3ds | 1 3dexperience Enovia | 2024-09-04 | N/A | 5.4 MEDIUM |
| A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
| CVE-2024-7938 | 1 3ds | 1 3dexperience | 2024-09-04 | N/A | 5.4 MEDIUM |
| A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
| CVE-2024-38858 | 1 Checkmk | 1 Checkmk | 2024-09-04 | N/A | 6.1 MEDIUM |
| Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view. | |||||
| CVE-2024-5024 | 1 Memberpress | 1 Memberpress | 2024-09-04 | N/A | 6.1 MEDIUM |
| The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mepr_screenname' and 'mepr_key' parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||