Total: 39748 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45057 | 1 Portabilis | 1 I-educar | 2024-09-13 | 6.1 Medium |
| i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the dynamic generation of HTML fields prior to the 2.9 branch. The file located at `ieducar/intranet/include/clsCampos.inc.php` does not properly validate or sanitize user-controlled input, leading to the vulnerability. Any page that uses this implementation is vulnerable, such as `intranet/educar_curso_lst.php?nm_curso=<payload>`, `intranet/atendidos_lst.php?nm_pessoa=<payload>`, `intranet/educar_abandono_tipo_lst?nome=<payload>`. Commit f2d768534aabc09b2a1fc8a5cc5f9c93925cb273 contains a patch for the issue. | ||||
| CVE-2024-8276 | 1 Wpzoom | 1 Wpzoom Portfolio | 2024-09-13 | 6.4 Medium |
| The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2021-38122 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | 6.2 Medium |
| A Cross-Site Scripting vulnerability was identified in NetIQ Advanced Authentication that impacts the server functionality and discloses sensitive information. This issue affects NetIQ Advanced Authentication before 6.3.5.1. | ||||
| CVE-2024-44851 | 1 Perfexcrm | 1 Perfex Crm | 2024-09-13 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. | ||||
| CVE-2024-6018 | 1 Scriptonite | 1 Music Request Manager | 2024-09-13 | 6.1 Medium |
| The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. | ||||
| CVE-2024-6019 | 1 Scriptonite | 1 Music Request Manager | 2024-09-13 | 6.1 Medium |
| The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators. | ||||
| CVE-2024-6700 | 1 Pega | 1 Infinity | 2024-09-13 | 5.5 Medium |
| Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name. | ||||
| CVE-2024-6701 | 1 Pega | 1 Infinity | 2024-09-13 | 5.5 Medium |
| Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type. | ||||
| CVE-2024-6702 | 1 Pega | 1 Infinity | 2024-09-13 | 5.2 Medium |
| Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. | ||||
| CVE-2020-24061 | 2 Kasda, Kasdanet | 3 Kw5515, Kw5515, Kw5515 Firmware | 2024-09-13 | 5.4 Medium |
| Cross-Site Scripting (XSS) vulnerability in the Firewall menu of the Control Panel in KASDA KW5515 version 4.3.1.0 allows attackers to execute arbitrary code and steal cookies via a crafted script. | ||||
| CVE-2024-8695 | 1 Docker | 2 Desktop, Docker Desktop | 2024-09-13 | 9.8 Critical |
| A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. | ||||
| CVE-2024-8696 | 1 Docker | 2 Desktop, Docker Desktop | 2024-09-13 | 9.8 Critical |
| A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2. | ||||
| CVE-2024-8605 | 1 Code-projects | 1 Inventory Management | 2024-09-13 | 4.3 Medium |
| A vulnerability classified as problematic was found in code-projects Inventory Management 1.0. This vulnerability affects unknown code of the file `/view/registration.php` of the component Registration Form. The manipulation with the input `<script>alert(1)</script>` leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-45406 | 1 Craftcms | 1 Craft Cms | 2024-09-13 | 5.5 Medium |
| Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input. | ||||
| CVE-2024-44872 | 2 Mozilo, Mozilocms | 2 Mozilocms, Mozilocms | 2024-09-13 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | ||||
| CVE-2024-7144 | 1 Crocoblock | 1 Jetelements | 2024-09-13 | 6.4 Medium |
| The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-43335 | 1 Cyberchimps | 1 Responsive Blocks | 2024-09-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks – WordPress Gutenberg Blocks allows Stored XSS. This issue affects Responsive Blocks – WordPress Gutenberg Blocks: from n/a through 1.8.8. | ||||
| CVE-2024-43342 | 1 Bdthemes | 1 Ultimate Store Kit | 2024-09-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.6.4. | ||||
| CVE-2024-6864 | 1 Sayandatta | 1 Wp Last Modified Info | 2024-09-13 | 6.4 Medium |
| The WP Last Modified Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘template’ attribute of the lmt-post-modified-info shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-7939 | 2 3ds, Dassault | 2 3dexperience, 3dswymer 3dexperience 2024 | 2024-09-13 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||