Export limit exceeded: 45415 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45415 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-46980 | 1 Enalean | 1 Tuleap | 2024-10-16 | 4.8 Medium |
| Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, a site administrator could create an artifact link type with a forward label allowing them to execute uncontrolled code (or at least achieve content injection) in a mail client. Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue. | ||||
| CVE-2024-9810 | 2 Jkev, Sourcecodester | 2 Record Management System, Record Management System | 2024-10-15 | 3.5 Low |
| A vulnerability was found in SourceCodester Record Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file sort2_user.php. The manipulation of the argument qualification leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9805 | 1 Code-projects | 1 Blood Bank System | 2024-10-15 | 3.5 Low |
| A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/campsdetails.php. The manipulation of the argument hospital/address/city/contact leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "hospital". | ||||
| CVE-2024-38039 | 1 Esri | 1 Portal For Arcgis | 2024-10-15 | 5.4 Medium |
| There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered). | ||||
| CVE-2024-45127 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-11 | 4.8 Medium |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2024-48942 | 1 Syracom | 1 Secure Login | 2024-10-11 | 9.1 Critical |
| The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid. | ||||
| CVE-2024-47951 | 1 Jetbrains | 1 Teamcity | 2024-10-11 | 3.5 Low |
| In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings | ||||
| CVE-2024-47950 | 1 Jetbrains | 1 Teamcity | 2024-10-11 | 3.5 Low |
| In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings | ||||
| CVE-2024-45932 | 1 Webkul | 1 Krayin Crm | 2024-10-11 | 7.1 High |
| Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2. | ||||
| CVE-2024-45116 | 1 Adobe | 4 Adobe Commerce, Commerce, Commerce B2b and 1 more | 2024-10-10 | 8.1 High |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim's browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction. | ||||
| CVE-2024-45123 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-10 | 6.1 Medium |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
| CVE-2024-46300 | 2 Angeljudesuarez, Itsourcecode | 2 Placement Management System, Placement Management System | 2024-10-10 | 6.1 Medium |
| itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php. | ||||
| CVE-2024-47617 | 1 Sulu | 1 Sulu | 2024-10-08 | 6.1 Medium |
| Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially allow attackers to steal sensitive information, manipulate the website's content, or perform actions on behalf of the victim. This vulnerability is fixed in 2.6.5 and 2.5.21. | ||||
| CVE-2024-8758 | 1 Expresstech | 1 Quiz And Survey Master | 2024-10-07 | 4.8 Medium |
| The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-47527 | 1 Librenms | 1 Librenms | 2024-10-07 | 7.5 High |
| LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname" parameter). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0. | ||||
| CVE-2024-47525 | 1 Librenms | 1 Librenms | 2024-10-07 | 7.5 High |
| LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0. | ||||
| CVE-2024-47523 | 1 Librenms | 1 Librenms | 2024-10-07 | 7.5 High |
| LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section (which contains multiple fields depending on which transport is selected at that moment). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0. | ||||
| CVE-2024-5561 | 2 Code-atlantic, Popup Maker | 2 Popup Maker, Popup Maker Wp | 2024-10-07 | 4.8 Medium |
| The Popup Maker WordPress plugin before 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-6910 | 2 Eventon Wordpress Plugin, Myeventon | 2 Eventon Wordpress Plugin, Eventon | 2024-10-07 | 4.8 Medium |
| The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | ||||
| CVE-2024-7687 | 2 Azindex Project, Azindex Wordpress Plugin | 2 Azindex, Azindex Wordpress Plugin | 2024-10-07 | 6.1 Medium |
| The AZIndex WordPress plugin through 0.8.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||