Search Results (46614 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31835 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 4.7 Medium |
| Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter. | ||||
| CVE-2024-31160 | 1 Asus | 1 Download Master | 2024-11-21 | 4.8 Medium |
| The parameter used in a certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting attacks. | ||||
| CVE-2024-31159 | 1 Asus | 1 Download Master | 2024-11-21 | 4.8 Medium |
| The parameter used in a certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks. | ||||
| CVE-2024-31138 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.6 Medium |
| In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings | ||||
| CVE-2024-31137 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 6.8 Medium |
| In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration | ||||
| CVE-2024-2762 | 1 Fooplugins | 1 Foogallery | 2024-11-21 | 6.3 Medium |
| The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin | ||||
| CVE-2024-2640 | 1 Kibokolabs | 1 Watu Quiz | 2024-11-21 | 5.4 Medium |
| The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise and escape some of its settings, which could allow users such as authors (if they've been authorized by admins) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2024-2430 | 1 Matteoenna | 1 Website Content In Page Or Post | 2024-11-21 | 5.4 Medium |
| The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-2404 | 1 Utopique | 1 Better Comments | 2024-11-21 | 5.4 Medium |
| The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-2375 | 1 2code | 1 Wpqa Builder | 2024-11-21 | 5.4 Medium |
| The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-2234 | 1 2code | 1 Himer | 2024-11-21 | 5.4 Medium |
| The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-2171 | 1 Zenml | 1 Zenml | 2024-11-21 | 4.8 Medium |
| A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0.56.2. The impact of exploiting this vulnerability could lead to user account compromise. | ||||
| CVE-2024-2075 | | | 2024-11-21 | 3.5 Low |
| A vulnerability was found in SourceCodester Daily Habit Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/update-tracker.php. The manipulation of the argument day leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255391. | ||||
| CVE-2024-29471 | 1 Zhyd | 1 Oneblog | 2024-11-21 | 5.4 Medium |
| OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module. | ||||
| CVE-2024-29004 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 7.1 High |
| The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction are required to exploit this vulnerability. | ||||
| CVE-2024-28984 | 1 Hitachi | 1 Pentaho Business Analytics Server | 2024-11-21 | 8.8 High |
| Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x, allows a malicious URL to inject content into the Analyzer plugin interface. | ||||
| CVE-2024-28979 | 1 Dell | 1 Openmanage Enterprise | 2024-11-21 | 5.1 Medium |
| Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. | ||||
| CVE-2024-28798 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 7.2 High |
| IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287172. | ||||
| CVE-2024-28797 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 6.4 Medium |
| IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287136. | ||||
| CVE-2024-28796 | 1 Ibm | 1 Rational Clearquest | 2024-11-21 | 6.4 Medium |
| IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833. | ||||