Export limit exceeded: 46001 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46001 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38507 | 1 Jetbrains | 1 Hub | 2024-11-21 | 3.5 Low |
| In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible | ||||
| CVE-2024-38493 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI. | ||||
| CVE-2024-38436 | 1 Commugen | 1 Sox 365 | 2024-11-21 | 6.1 Medium |
| Commugen SOX 365 – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2024-38430 | 1 Matrix-globalservices | 1 Tafnit | 2024-11-21 | 5.4 Medium |
| Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2024-38354 | 1 Hackmd | 1 Codimd | 2024-11-21 | 8.1 High |
| CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This vulnerability is fixed in 2.5.4. | ||||
| CVE-2024-38281 | 1 Motorola | 2 Vigilant Fixed Lpr Coms Box, Vigilant Fixed Lpr Coms Box Firmware | 2024-11-21 | 9.8 Critical |
| An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device. | ||||
| CVE-2024-37958 | 1 Mekshq | 1 Meks Smart Author Widget | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Meks Meks Smart Author Widget allows Stored XSS.This issue affects Meks Smart Author Widget: from n/a through 1.1.4. | ||||
| CVE-2024-37956 | 1 Vektor-inc | 1 Vk All In One Expansion Unit | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc. VK All in One Expansion Unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through 9.99.1.0. | ||||
| CVE-2024-37955 | 1 Makegutenblock | 1 Gutslider | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zakaria Binsaifullah GutSlider – All in One Block Slider allows Stored XSS.This issue affects GutSlider – All in One Block Slider: from n/a through 2.7.3. | ||||
| CVE-2024-37954 | 1 Marcelotorres | 1 Simple Responsive Slider | 2024-11-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in marcelotorres Simple Responsive Slider allows Reflected XSS.This issue affects Simple Responsive Slider: from n/a through 0.2.2.5. | ||||
| CVE-2024-37888 | 1 Mlewand | 1 Open Link | 2024-11-21 | 6.1 Medium |
| The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version < **1.0.5**. | ||||
| CVE-2024-37856 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page. | ||||
| CVE-2024-37741 | 1 Openplcproject | 2 Openplc V3, Openplc V3 Firmware | 2024-11-21 | 5.4 Medium |
| OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture. | ||||
| CVE-2024-37732 | 1 Anchorcms | 2 Anchor, Anchor Cms | 2024-11-21 | 8.8 High |
| Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file. | ||||
| CVE-2024-37679 | 2 Finesoft Project, Hangzhou Meisoft Information Technology | 2 Finesoft, Finesoft | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp parameter. | ||||
| CVE-2024-37673 | 1 Tessi | 2 Docubase, Docubase Document Management | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename parameter. | ||||
| CVE-2024-37672 | 1 Tessi | 1 Docubase | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the idactivity parameter. | ||||
| CVE-2024-37625 | 1 Zhimengzhel | 1 Ibarn | 2024-11-21 | 6.1 Medium |
| zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /index.php. | ||||
| CVE-2024-37619 | 1 Strongshop | 1 Strongshop | 2024-11-21 | 7.6 High |
| StrongShop v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the spec_group_id parameter at /spec/index.blade.php. | ||||
| CVE-2024-37559 | 1 Henleyedition | 1 Counterpoint | 2024-11-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Echenley Counterpoint allows Reflected XSS.This issue affects Counterpoint: from n/a through 1.8.1. | ||||