Total
38990 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-45057 | 1 Portabilis | 1 I-educar | 2024-09-13 | N/A | 6.1 MEDIUM |
| i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the dynamic generation of HTML fields prior to the 2.9 branch. The file located at `ieducar/intranet/include/clsCampos.inc.php` does not properly validate or sanitize user-controlled input, leading to the vulnerability. Any page that uses this implementation is vulnerable, such as `intranet/educar_curso_lst.php?nm_curso=<payload>`, `intranet/atendidos_lst.php?nm_pessoa=<payload>`, `intranet/educar_abandono_tipo_lst?nome=<payload>`. Commit f2d768534aabc09b2a1fc8a5cc5f9c93925cb273 contains a patch for the issue. | |||||
| CVE-2024-8276 | 1 Wpzoom | 1 Wpzoom Portfolio | 2024-09-13 | N/A | 5.4 MEDIUM |
| The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2021-38122 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | N/A | 8.2 HIGH |
| A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1 | |||||
| CVE-2024-44851 | 1 Perfexcrm | 1 Perfex Crm | 2024-09-13 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. | |||||
| CVE-2024-6018 | 1 Scriptonite | 1 Music Request Manager | 2024-09-13 | N/A | 6.1 MEDIUM |
| The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | |||||
| CVE-2024-6019 | 1 Scriptonite | 1 Music Request Manager | 2024-09-13 | N/A | 6.1 MEDIUM |
| The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators | |||||
| CVE-2024-6700 | 1 Pega | 1 Infinity | 2024-09-13 | N/A | 4.8 MEDIUM |
| Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name. | |||||
| CVE-2024-6701 | 1 Pega | 1 Infinity | 2024-09-13 | N/A | 4.8 MEDIUM |
| Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type. | |||||
| CVE-2024-6702 | 1 Pega | 1 Infinity | 2024-09-13 | N/A | 4.8 MEDIUM |
| Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. | |||||
| CVE-2020-24061 | 1 Kasdanet | 2 Kw5515, Kw5515 Firmware | 2024-09-13 | N/A | 4.3 MEDIUM |
| Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script | |||||
| CVE-2024-8695 | 1 Docker | 1 Desktop | 2024-09-13 | N/A | 9.8 CRITICAL |
| A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. | |||||
| CVE-2024-8696 | 1 Docker | 1 Desktop | 2024-09-13 | N/A | 9.8 CRITICAL |
| A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2. | |||||
| CVE-2024-8605 | 1 Code-projects | 1 Inventory Management | 2024-09-13 | 5.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in code-projects Inventory Management 1.0. This vulnerability affects unknown code of the file /view/registration.php of the component Registration Form. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-45406 | 1 Craftcms | 1 Craft Cms | 2024-09-13 | N/A | 4.8 MEDIUM |
| Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input. | |||||
| CVE-2024-44872 | 1 Mozilo | 1 Mozilocms | 2024-09-13 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | |||||
| CVE-2024-7144 | 1 Crocoblock | 1 Jetelements | 2024-09-13 | N/A | 5.4 MEDIUM |
| The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-43476 | 1 Microsoft | 1 Dynamics 365 | 2024-09-13 | N/A | 5.4 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2024-43335 | 1 Cyberchimps | 1 Responsive Blocks | 2024-09-13 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Responsive Blocks – WordPress Gutenberg Blocks: from n/a through 1.8.8. | |||||
| CVE-2024-43342 | 1 Bdthemes | 1 Ultimate Store Kit | 2024-09-13 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.6.4. | |||||
| CVE-2024-7939 | 1 3ds | 1 3dexperience | 2024-09-13 | N/A | 5.4 MEDIUM |
| A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||