Total
38258 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-54315 | 1 Nicheaddons | 1 Events Addon For Elementor | 2025-04-11 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Events Addon for Elementor allows DOM-Based XSS. This issue affects Events Addon for Elementor: from n/a through 2.2.2. | |||||
CVE-2024-54316 | 1 Nicheaddons | 1 Restaurant & Cafe Addon For Elementor | 2025-04-11 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows DOM-Based XSS. This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.8. | |||||
CVE-2024-31544 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-11 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”, “borrower_name”, “faculty_department” parameters in /classes/Master.php?f=save_record. | |||||
CVE-2024-11203 | 1 Wpdeveloper | 1 Embedpress | 2025-04-11 | N/A | 6.4 MEDIUM |
The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘provider_name’ parameter in all versions up to, and including, 4.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-32337 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module. | |||||
CVE-2024-32338 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module. | |||||
CVE-2023-29508 | 1 Xwiki | 1 Xwiki | 2025-04-11 | N/A | 8.9 HIGH |
XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. | |||||
CVE-2024-32339 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters. | |||||
CVE-2024-32340 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 9.6 CRITICAL |
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module. | |||||
CVE-2023-49086 | 1 Cacti | 1 Cacti | 2025-04-11 | N/A | 5.4 MEDIUM |
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). A vulnerability in versions prior to 1.2.27 bypasses an earlier fix for CVE-2023-39360, therefore leading to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `graphs_new.php`. The impact of the vulnerability is execution of arbitrary JavaScript code in the attacked user's browser. This issue has been patched in version 1.2.27. | |||||
CVE-2024-32341 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters. | |||||
CVE-2024-32344 | 1 Cmsimple | 1 Cmsimple | 2025-04-11 | N/A | 6.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section. | |||||
CVE-2024-32345 | 1 Cmsimple | 1 Cmsimple | 2025-04-11 | N/A | 7.2 HIGH |
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section. | |||||
CVE-2024-32743 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 5.5 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module. | |||||
CVE-2024-32744 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 4.6 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module. | |||||
CVE-2024-30879 | 1 Rageframe | 1 Rageframe | 2025-04-11 | N/A | 6.1 MEDIUM |
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function. | |||||
CVE-2024-32745 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 5.9 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module. | |||||
CVE-2024-30880 | 1 Rageframe | 1 Rageframe | 2025-04-11 | N/A | 5.4 MEDIUM |
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function. | |||||
CVE-2024-31120 | 1 Wpdevart | 1 Gallery | 2025-04-11 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Stored XSS. This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3. | |||||
CVE-2024-30524 | 1 Redlettuce | 1 Pdf Viewer For Elementor | 2025-04-11 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RedLettuce Plugins PDF Viewer for Elementor allows Stored XSS. This issue affects PDF Viewer for Elementor: from n/a through 2.9.3. |