Total
36489 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42818 | 1 Fastapi-admin | 1 Fastapi-admin Pro | 2024-08-26 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the Config-Create function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter. | ||||
| CVE-2024-8140 | 2 Rems, Sourcecodester | 2 Task Progress Tracker, Task Progress Tracker | 2024-08-26 | 3.5 Low |
| A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file update-task.php. The manipulation of the argument task_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8141 | 2 Rems, Sourcecodester | 2 Daily Calories Monitoring Tool, Daily Calories Monitoring Tool | 2024-08-26 | 3.5 Low |
| A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-calorie.php. The manipulation of the argument calorie_date/calorie_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8142 | 2 Rems, Sourcecodester | 2 Daily Calories Monitoring Tool, Daily Calories Monitoring Tool | 2024-08-26 | 3.5 Low |
| A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/delete-calorie.php. The manipulation of the argument calorie leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8151 | 2 Rems, Sourcecodester | 2 Interactive Map With Marker, Interactive Map With Marker | 2024-08-26 | 3.5 Low |
| A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8154 | 2 Rems, Sourcecodester | 2 Qr Code Bookmark System, Qr Code Bookmark System | 2024-08-26 | 3.5 Low |
| A vulnerability classified as problematic has been found in SourceCodester QR Code Bookmark System 1.0. Affected is an unknown function of the file /endpoint/update-bookmark.php of the component Parameter Handler. The manipulation of the argument tbl_bookmark_id/name/url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8152 | 2 Rems, Sourcecodester | 2 Qr Code Bookmark System, Qr Code Bookmark System | 2024-08-26 | 3.5 Low |
| A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/add-bookmark.php of the component Parameter Handler. The manipulation of the argument name/url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8153 | 2 Rems, Sourcecodester | 2 Qr Code Bookmark System, Qr Code Bookmark System | 2024-08-26 | 3.5 Low |
| A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/delete-bookmark.php. The manipulation of the argument bookmark leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7775 | 1 Bitapps | 1 Contact Form Builder | 2024-08-26 | 5.5 Medium |
| The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary JavaScript files to the affected site's server. | ||||
| CVE-2024-43442 | 2024-08-26 | 4.9 Medium | ||
| Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the System Configuration targeting other admins. This issue affects: * OTRS from 7.0.X through 7.0.50 * OTRS 8.0.X * OTRS 2023.X * OTRS from 2024.X through 2024.5.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected | ||||
| CVE-2024-41774 | 1 Ibm | 1 Common Licensing | 2024-08-24 | 4.8 Medium |
| IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 350348. | ||||
| CVE-2024-42852 | 1 Microfocus | 1 Acutoweb | 2024-08-23 | 6.1 Medium |
| Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a remote attacker to execute arbitrary code via the index.php component. | ||||
| CVE-2024-7427 | 2024-08-23 | N/A | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Network Node Manager i (NNMi) could allow Cross-Site Scripting (XSS).This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05, 23.4, 24.2. | ||||
| CVE-2024-41675 | 1 Okfn | 1 Ckan | 2024-08-23 | 6.8 Medium |
| CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN >= 2.7.0 with the datatables_view plugin activated. This is a plugin included in CKAN core, that not activated by default but it is widely used to preview tabular data. This vulnerability has been fixed in CKAN 2.10.5 and 2.11.0. | ||||
| CVE-2020-11850 | 2 Microfocus, Opentext | 2 Netiq Self Service Password Reset, Self Service Password Reset | 2024-08-23 | 7.3 High |
| Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6 | ||||
| CVE-2024-43407 | 1 Ckeditor | 1 Ckeditor | 2024-08-23 | 6.1 Medium |
| CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSHi library was included as a vendor dependency in CKEditor 4 source files. In a specific scenario, an attacker could craft a malicious script that could be executed by sending a request to the GeSHi library hosted on a PHP web server. The GeSHi library is no longer actively maintained. Due to the lack of ongoing support and updates, potential security vulnerabilities have been identified with its continued use. To mitigate these risks and enhance the overall security of the CKEditor 4, we have decided to completely remove the GeSHi library as a dependency. This change aims to maintain a secure environment and reduce the risk of any security incidents related to outdated or unsupported software. The fix is be available in version 4.25.0-lts. | ||||
| CVE-2023-6452 | 1 Forcepoint | 1 Web Security | 2024-08-23 | 9.6 Critical |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Web Security (Transaction Viewer) allows Stored XSS. The Forcepoint Web Security portal allows administrators to generate detailed reports on user requests made through the Web proxy. It has been determined that the "user agent" field in the Transaction Viewer is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability, which can be exploited by any user who can route traffic through the Forcepoint Web proxy. This vulnerability enables unauthorized attackers to execute JavaScript within the browser context of a Forcepoint administrator, thereby allowing them to perform actions on the administrator's behalf. Such a breach could lead to unauthorized access or modifications, posing a significant security risk. This issue affects Web Security: before 8.5.6. | ||||
| CVE-2024-20443 | 1 Cisco | 1 Identity Services Engine | 2024-08-23 | 5.4 Medium |
| A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. | ||||
| CVE-2024-20479 | 1 Cisco | 1 Identity Services Engine | 2024-08-23 | 4.8 Medium |
| A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have Admin privileges on an affected device. | ||||
| CVE-2023-26211 | 1 Fortinet | 1 Fortisoar | 2024-08-22 | 6.4 Medium |
| An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module. | ||||