Export limit exceeded: 45574 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45574 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-52839 | 1 Adobe | 1 Experience Manager | 2024-12-18 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form. | ||||
| CVE-2024-52838 | 1 Adobe | 1 Experience Manager | 2024-12-18 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form. | ||||
| CVE-2024-52837 | 1 Adobe | 1 Experience Manager | 2024-12-18 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access the manipulated URL or input for the exploit to execute. | ||||
| CVE-2024-2068 | 1 Remyandrade | 1 Computer Inventory System | 2024-12-17 | 3.5 Low |
| A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/update-computer.php. The manipulation of the argument model leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255383. | ||||
| CVE-2024-2070 | 1 Remyandrade | 1 Faq Management System | 2024-12-17 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester FAQ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-faq.php. The manipulation of the argument question/answer leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255385 was assigned to this vulnerability. | ||||
| CVE-2024-2065 | 1 Remyandrade | 1 Barangay Population Monitoring System | 2024-12-17 | 3.5 Low |
| A vulnerability was found in SourceCodester Barangay Population Monitoring System up to 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /endpoint/update-resident.php. The manipulation of the argument full_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255380. | ||||
| CVE-2024-2066 | 1 Remyandrade | 1 Computer Inventory System | 2024-12-17 | 2.4 Low |
| A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-computer.php. The manipulation of the argument model leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255381 was assigned to this vulnerability. | ||||
| CVE-2024-23640 | 1 Geoserver | 1 Geoserver | 2024-12-17 | 4.8 Medium |
| GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user's browser when viewed in the Style Publisher. Access to the Style Publisher is available to all users although data security may limit users' ability to trigger the XSS. Versions 2.23.3 and 2.24.0 contain a fix for this issue. | ||||
| CVE-2024-23642 | 1 Geoserver | 1 Geoserver | 2024-12-17 | 4.8 Medium |
| GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap SVG Output Format when the Simple SVG renderer is enabled. Access to the WMS SVG Format is available to all users by default although data and service security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a fix for this issue. | ||||
| CVE-2024-23643 | 1 Geoserver | 1 Geoserver | 2024-12-17 | 4.8 Medium |
| GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another administrator’s browser when viewed in the GWC Seed Form. Access to the GWC Seed Form is limited to full administrators by default and granting non-administrators access to this endpoint is not recommended. Versions 2.23.2 and 2.24.1 contain a fix for this issue. | ||||
| CVE-2024-23818 | 1 Geoserver | 1 Geoserver | 2024-12-17 | 4.8 Medium |
| GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap OpenLayers Output Format. Access to the WMS OpenLayers Format is available to all users by default although data and service security may limit users' ability to trigger the XSS. Versions 2.23.3 and 2.24.1 contain a patch for this issue. | ||||
| CVE-2024-23819 | 1 Geoserver | 1 Geoserver | 2024-12-17 | 4.8 Medium |
| GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the MapML HTML Page. The MapML extension must be installed and access to the MapML HTML Page is available to all users although data security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue. | ||||
| CVE-2021-24561 | 1 Veronalabs | 1 Wp Sms | 2024-12-17 | 5.4 Medium |
| The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_group_name" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue | ||||
| CVE-2024-24881 | 1 Veronalabs | 1 Wp Sms | 2024-12-17 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.5.2. | ||||
| CVE-2024-43722 | 1 Adobe | 1 Experience Manager | 2024-12-17 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access the manipulated URL or input. | ||||
| CVE-2024-43721 | 1 Adobe | 1 Experience Manager | 2024-12-17 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access a manipulated link or input data into a vulnerable page. | ||||
| CVE-2024-0007 | 1 Paloaltonetworks | 4 Pan-os, Panorama M-200, Panorama M-500 and 1 more | 2024-12-17 | 6.8 Medium |
| A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator. | ||||
| CVE-2023-30904 | 1 Hpe | 1 Insight Remote Support | 2024-12-17 | 5.5 Medium |
| A security vulnerability in HPE Insight Remote Support may result in the local disclosure of privileged LDAP information. | ||||
| CVE-2023-3293 | 1 Salesagility | 1 Suitecrm | 2024-12-17 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0. | ||||
| CVE-2023-3294 | 1 Saleor | 1 React-storefront | 2024-12-17 | 6.1 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7. | ||||