Total
35944 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-33981 | 1 Janobe | 3 Credit Card, Debit Card Payment, Paypal | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/mod_reports/index.php'. | ||||
| CVE-2024-33980 | 1 Janobe | 3 Credit Card, Debit Card Payment, Paypal | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/mod_reports/printreport.php'. | ||||
| CVE-2024-33979 | 1 Janobe | 3 Credit Card, Debit Card Payment, Paypal | 2024-08-15 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'q', 'arrival', 'departure' and 'accomodation' parameters in '/index.php'. | ||||
| CVE-2024-40484 | 1 Phpgurukul | 1 Old Age Home Management System | 2024-08-15 | 6.1 Medium |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in "/oahms/search.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter. | ||||
| CVE-2024-40481 | 1 Phpgurukul | 1 Old Age Home Management System | 2024-08-15 | 6.1 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/view-enquiry.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the Contact Us page "message" parameter. | ||||
| CVE-2024-40474 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, House-rental-and-property-listing-php-full-source-code | 2024-08-15 | 8.8 High |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in "edit-cate.php" in SourceCodester House Rental Management System v1.0. | ||||
| CVE-2024-43161 | 2024-08-14 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Averta Depicter Slider allows Stored XSS.This issue affects Depicter Slider: from n/a through 3.1.2. | ||||
| CVE-2024-38724 | 2024-08-14 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Muhammad Rehman Contact Form 7 Summary and Print allows Stored XSS.This issue affects Contact Form 7 Summary and Print: from n/a through 1.2.5. | ||||
| CVE-2024-41613 | 1 Symphony-cms | 1 Symphony Cms | 2024-08-14 | 6.1 Medium |
| A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note. | ||||
| CVE-2024-43123 | 2024-08-14 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Techeshta Card Elements for Elementor allows Stored XSS.This issue affects Card Elements for Elementor: from n/a through 1.2.2. | ||||
| CVE-2024-43150 | 2024-08-14 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a through 1.4.4.2. | ||||
| CVE-2024-39400 | 1 Adobe | 2 Commerce, Magento | 2024-08-14 | 8.1 High |
| Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts. | ||||
| CVE-2024-39403 | 1 Adobe | 2 Commerce, Magento | 2024-08-14 | 7.6 High |
| Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information. | ||||
| CVE-2024-43155 | 2024-08-14 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins ComboBlocks allows Stored XSS.This issue affects ComboBlocks: from n/a through 2.2.86. | ||||
| CVE-2024-6532 | 2024-08-14 | 6.4 Medium | ||
| The Sheet to Table Live Sync for Google Sheet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STWT_Sheet_Table shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-43220 | 2024-08-13 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Reflected XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.26. | ||||
| CVE-2024-43130 | 2024-08-13 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.10. | ||||
| CVE-2024-43125 | 2024-08-13 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder – WordPress Table Plugin allows Stored XSS.This issue affects WP Table Builder – WordPress Table Plugin: from n/a through 1.4.15. | ||||
| CVE-2024-21550 | 1 Steve-community | 1 Steve | 2024-08-13 | 6.1 Medium |
| SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site Scripting in the SteVe management interface. | ||||
| CVE-2024-43156 | 2024-08-13 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Reflected XSS.This issue affects Post Grid Master: from n/a through 3.4.10. | ||||