Export limit exceeded: 343750 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343750 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45315 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7818 | 2 Michalaugustyniak, Misiek Photo Album | 2 Misiek Photo Album, Misiek Photo Album | 2024-09-27 | 6.1 Medium |
| The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-7822 | 2 Gwycon, Quick Code | 2 Quick Code, Quick Code | 2024-09-27 | 6.1 Medium |
| The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-9077 | 2 Dingfangzu, Gitapp | 2 Dingfangzu, Dingfanzu | 2024-09-27 | 3.5 Low |
| A vulnerability classified as problematic has been found in dingfangzu up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Affected is an unknown function of the file scripts/order.js of the component Order Checkout. The manipulation of the argument address-name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-9092 | 2 Rems, Sourcecodester | 2 Profile Registration Without Reload\/refresh, Profile Registration Without Reload Refresh | 2024-09-27 | 3.5 Low |
| A vulnerability was found in SourceCodester Profile Registration without Reload Refresh 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file add.php of the component Registration Form. The manipulation of the argument full_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-9089 | 2 Mayurik, Sourcecodester | 2 Modern Loan Management System, Modern Loan Management System | 2024-09-27 | 3.5 Low |
| A vulnerability was found in SourceCodester Modern Loan Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file update_loan_record.php. The manipulation of the argument amount leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9083 | 2 Razormist, Sourcecodester | 2 Employee Management System, Employee Management System | 2024-09-27 | 2.4 Low |
| A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file /Admin/add-admin.php. The manipulation of the argument txtfullname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9033 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2024-09-27 | 3.5 Low |
| A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_category. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-44062 | 1 Wpgogo | 1 Custom Field Template | 2024-09-27 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.6.5. | ||||
| CVE-2024-44053 | 1 Mohammadarif | 1 Opor Ayam | 2024-09-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS.This issue affects Opor Ayam: from n/a through 1.8. | ||||
| CVE-2024-47058 | 1 Acquia | 1 Mautic | 2024-09-27 | 2.9 Low |
| With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session. | ||||
| CVE-2024-47050 | 1 Acquia | 1 Mautic | 2024-09-27 | 5.4 Medium |
| Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable. | ||||
| CVE-2021-27917 | 1 Acquia | 1 Mautic | 2024-09-27 | 7.3 High |
| Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report. | ||||
| CVE-2024-44063 | 1 Happyforms | 1 Happyforms | 2024-09-27 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS.This issue affects Happyforms: from n/a through 1.26.0. | ||||
| CVE-2024-44060 | 1 Jenniferhall | 1 Filmix | 2024-09-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jennifer Hall Filmix allows Reflected XSS.This issue affects Filmix: from n/a through 1.1. | ||||
| CVE-2024-8770 | 1 Github | 1 Enterprise Server | 2024-09-27 | 6.1 Medium |
| A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2024-5799 | 2 Cminds, Creativemindssolutions | 2 Cm Popup, Cm Pop-up Banners | 2024-09-26 | 4.8 Medium |
| The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks. | ||||
| CVE-2024-6887 | 2 Rafflepress, Seedprod | 2 Giveaways And Contests By Rafflepress, Rafflepress | 2024-09-26 | 4.8 Medium |
| The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-7816 | 2 Adeelraza, Gixaw Chat | 2 Gixaw Chat, Gixaw Chat | 2024-09-26 | 6.1 Medium |
| The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-9084 | 1 Code-projects | 1 Blood Bank System | 2024-09-26 | 3.5 Low |
| A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file bbms.php. The manipulation of the argument fullname/age/bloodgroup/city/phno/gender as part of String leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-5959 | 1 Elizsoftware | 1 Panel | 2024-09-26 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Stored XSS.This issue affects Panel: before v2.3.24. | ||||