Search Results (45556 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6138 | 1 Ays-pro | 1 Secure Copy Content Protection And Content Locking | 2024-11-21 | 4.8 Medium |
| The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-6094 | 1 Technowich | 1 Wp Ulike | 2024-11-21 | 4.8 Medium |
| The WP ULike WordPress plugin before 4.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-6082 | 1 Phpvibe | 1 Phpvibe | 2024-11-21 | 2.4 Low |
| A vulnerability, which was classified as problematic, has been found in PHPVibe 11.0.46. This issue affects some unknown processing of the file functionalities.global.php of the component Global Options Page. The manipulation of the argument site-logo-text leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268823. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-6076 | 1 Tipsandtricks-hq | 1 Wp Estore | 2024-11-21 | 6.1 Medium |
| The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-6074 | 2 Tipsandtricks-hq, Wp Easycart | 2 Wp Estore, Shopping Cart And Ecommerce Store | 2024-11-21 | 5.4 Medium |
| The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-6073 | 1 Tipsandtricks-hq | 1 Wp Estore | 2024-11-21 | 6.1 Medium |
| The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-6072 | 1 Tipsandtricks-hq | 1 Wp Estore | 2024-11-21 | 6.1 Medium |
| The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | ||||
| CVE-2024-6059 | 1 Ingenico | 1 Estate Management | 2024-11-21 | 2.4 Low |
| A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. This issue affects some unknown processing of the file /emgui/rest/ums/messages of the component News Feed. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-6058 | 1 Labvantage | 1 Laboratory Information Management System | 2024-11-21 | 3.5 Low |
| A vulnerability classified as problematic has been found in LabVantage LIMS 2017. This affects an unknown part of the file /labvantage/rc?command=page&page=SampleHistoricalList&_iframename=list&__crc=crc_1701669816260. The manipulation of the argument height/width leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268785 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-6052 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 6.5 Medium |
| Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements | ||||
| CVE-2024-6050 | 1 Sokrates | 1 Sowa Opac | 2024-11-21 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation vulnerability in SOKRATES-software SOWA OPAC allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects SOWA OPAC software in versions from 4.0 before 4.9.10, from 5.0 before 6.2.12. | ||||
| CVE-2024-6035 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2024-11-21 | 6.1 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks. | ||||
| CVE-2024-6026 | 1 10web | 1 Slider | 2024-11-21 | 6.1 Medium |
| The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-6025 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | 5.4 Medium |
| The Quiz and Survey Master (QSM) WordPress plugin before 9.0.5 does not sanitise and escape some of its Quiz settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-5906 | 1 Paloaltonetworks | 1 Prisma Cloud | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user's browser when accessed by that other user. | ||||
| CVE-2024-5897 | 1 Oretnom23 | 1 Employee And Visitor Gate Pass Logging System | 2024-11-21 | 4.3 Medium |
| A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=log_visitor. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268141 was assigned to this vulnerability. | ||||
| CVE-2024-5811 | 1 Quantumcloud | 1 Simple Video Directory | 2024-11-21 | 5.4 Medium |
| The Simple Video Directory WordPress plugin before 1.4.4 does not sanitise and escape some of its settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-5766 | 1 Likeshop | 1 Likeshop | 2024-11-21 | 2.4 Low |
| A vulnerability was found in Likeshop up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin of the component Merchandise Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-267449 was assigned to this vulnerability. | ||||
| CVE-2024-5741 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 6.5 Medium |
| Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL) | ||||
| CVE-2024-5737 | 1 Admiror-design-studio | 1 Admirorframes | 2024-11-21 | 6.1 Medium |
| Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0. | ||||