Export limit exceeded: 345876 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 23258 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345876 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45543 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32464 | 1 Rubyonrails | 1 Rails | 2024-11-21 | 6.1 Medium |
| Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2. | ||||
| CVE-2024-31971 | 1 Adtran | 2 Netvanta 3120, Netvanta 3120 Firmware | 2024-11-21 | 6.1 Medium |
| Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html, /NetworkMonitor.html, /trafficMonitoringConfig.html, and /wizardMain.html. | ||||
| CVE-2024-31835 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 4.7 Medium |
| Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter. | ||||
| CVE-2024-31160 | 1 Asus | 1 Download Master | 2024-11-21 | 4.8 Medium |
| The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting attacks. | ||||
| CVE-2024-31159 | 1 Asus | 1 Download Master | 2024-11-21 | 4.8 Medium |
| The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks. | ||||
| CVE-2024-31138 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.6 Medium |
| In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings | ||||
| CVE-2024-31137 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 6.8 Medium |
| In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration | ||||
| CVE-2024-30423 | 2024-11-21 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BetterAddons Better Elementor Addons allows Stored XSS.This issue affects Better Elementor Addons: from n/a through 1.3.7. | ||||
| CVE-2024-2762 | 1 Fooplugins | 1 Foogallery | 2024-11-21 | 6.3 Medium |
| The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin | ||||
| CVE-2024-2640 | 1 Kibokolabs | 1 Watu Quiz | 2024-11-21 | 5.4 Medium |
| The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise and escape some of its settings, which could allow users such as authors (if they've been authorized by admins) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2024-2430 | 1 Matteoenna | 1 Website Content In Page Or Post | 2024-11-21 | 5.4 Medium |
| The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-2404 | 1 Utopique | 1 Better Comments | 2024-11-21 | 5.4 Medium |
| The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-2375 | 1 2code | 1 Wpqa Builder | 2024-11-21 | 5.4 Medium |
| The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-2234 | 1 2code | 1 Himer | 2024-11-21 | 5.4 Medium |
| The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-2171 | 1 Zenml | 1 Zenml | 2024-11-21 | 4.8 Medium |
| A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0.56.2. The impact of exploiting this vulnerability could lead to user account compromise. | ||||
| CVE-2024-2075 | 2024-11-21 | 3.5 Low | ||
| A vulnerability was found in SourceCodester Daily Habit Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/update-tracker.php. The manipulation of the argument day leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255391. | ||||
| CVE-2024-29932 | 2024-11-21 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2. | ||||
| CVE-2024-29906 | 2024-11-21 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2. | ||||
| CVE-2024-29763 | 2024-11-21 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Reflected XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3. | ||||
| CVE-2024-29471 | 1 Zhyd | 1 Oneblog | 2024-11-21 | 5.4 Medium |
| OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module. | ||||