Export limit exceeded: 351327 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351327 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45999 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34142 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2024-11-21 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2024-34141 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2024-11-21 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2024-34128 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2024-34120 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2024-34119 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2024-34105 | 1 Adobe | 3 Commerce, Commerce Webhooks, Magento | 2024-11-21 | 4.8 Medium |
| Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2024-33933 | 1 Brainstormforce | 1 Elementor - Header\, Footer \& Blocks Template | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force, Nikhil Chavan Elementor – Header, Footer & Blocks Template allows DOM-Based XSS.This issue affects Elementor – Header, Footer & Blocks Template: from n/a through 1.6.35. | ||||
| CVE-2024-33253 | 2 Gunet, Openeclass | 2 Open Eclass Platform, Openeclass | 2024-11-21 | 6 Medium |
| Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function. | ||||
| CVE-2024-32464 | 1 Rubyonrails | 1 Rails | 2024-11-21 | 6.1 Medium |
| Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2. | ||||
| CVE-2024-31971 | 1 Adtran | 2 Netvanta 3120, Netvanta 3120 Firmware | 2024-11-21 | 6.1 Medium |
| Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html, /NetworkMonitor.html, /trafficMonitoringConfig.html, and /wizardMain.html. | ||||
| CVE-2024-31835 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 4.7 Medium |
| Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter. | ||||
| CVE-2024-31160 | 1 Asus | 1 Download Master | 2024-11-21 | 4.8 Medium |
| The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting attacks. | ||||
| CVE-2024-31159 | 1 Asus | 1 Download Master | 2024-11-21 | 4.8 Medium |
| The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks. | ||||
| CVE-2024-31138 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.6 Medium |
| In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings | ||||
| CVE-2024-31137 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 6.8 Medium |
| In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration | ||||
| CVE-2024-2762 | 1 Fooplugins | 1 Foogallery | 2024-11-21 | 6.3 Medium |
| The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin | ||||
| CVE-2024-2640 | 1 Kibokolabs | 1 Watu Quiz | 2024-11-21 | 5.4 Medium |
| The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise and escape some of its settings, which could allow users such as authors (if they've been authorized by admins) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2024-2430 | 1 Matteoenna | 1 Website Content In Page Or Post | 2024-11-21 | 5.4 Medium |
| The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-2404 | 1 Utopique | 1 Better Comments | 2024-11-21 | 5.4 Medium |
| The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-2375 | 1 2code | 1 Wpqa Builder | 2024-11-21 | 5.4 Medium |
| The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks | ||||