Total
45117 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7225 | 1 Munyweki | 1 Insurance Management System | 2024-11-21 | 3.5 Low |
| A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /Script/admin/core/update_policy of the component Edit Insurance Policy Page. The manipulation of the argument pname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272805 was assigned to this vulnerability. | ||||
| CVE-2024-7200 | 1 Oretnom23 | 1 Complaints Report Management System | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Complaints Report Management System 1.0. This issue affects some unknown processing of the file /admin/ajax.php?action=save_settings. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272621 was assigned to this vulnerability. | ||||
| CVE-2024-7163 | 1 Seacms | 1 Seacms | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. This affects an unknown part of the file /js/player/dmplayer/player/index.php. The manipulation of the argument color/vid/url leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272577 was assigned to this vulnerability. | ||||
| CVE-2024-7162 | 1 Seacms | 1 Seacms | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in SeaCMS 12.9/13.0. Affected by this issue is some unknown functionality of the file js/player/dmplayer/admin/post.php?act=setting. The manipulation of the argument yzm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272576. | ||||
| CVE-2024-7127 | 1 Stackposts | 1 Social Marketing Tool | 2024-11-21 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation vulnerability in Stackposts Social Marketing Tool allows Cross-site Scripting (XSS) attack. By submitting the payload in the username during registration, it can be executed later in the application panel. This could lead to the unauthorised acquisition of information (e.g. cookies from a logged-in user). After multiple attempts to contact the vendor we did not receive any answer. Our team has confirmed the existence of this vulnerability. We suppose this issue affects Social Marketing Tool in all versions. | ||||
| CVE-2024-7047 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.7 High |
| A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user. | ||||
| CVE-2024-6955 | 1 Jkev | 1 Record Management System | 2024-11-21 | 3.5 Low |
| A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file sort2.php. The manipulation of the argument qualification leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272076. | ||||
| CVE-2024-6954 | 1 Jkev | 1 Record Management System | 2024-11-21 | 3.5 Low |
| A vulnerability was found in SourceCodester Record Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file sort1.php. The manipulation of the argument position leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272077 was assigned to this vulnerability. | ||||
| CVE-2024-6939 | 1 Xinhu | 1 Rockoa | 2024-11-21 | 3.5 Low |
| A vulnerability was found in Xinhu RockOA 2.6.3 and classified as problematic. Affected by this issue is the function okla of the file /webmain/public/upload/tpl_upload.html. The manipulation of the argument callback leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271994 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-6935 | 1 Formtools | 1 Form Tools | 2024-11-21 | 2.4 Low |
| A vulnerability classified as problematic was found in formtools.org Form Tools 3.1.1. This vulnerability affects unknown code of the file /admin/clients/ of the component User Settings Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-6934 | 1 Formtools | 1 Form Tools | 2024-11-21 | 2.4 Low |
| A vulnerability classified as problematic has been found in formtools.org Form Tools 3.1.1. This affects an unknown part of the file /admin/forms/add/step2.php?submission_type=direct. The manipulation of the argument Form URL leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271989 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-6932 | 1 Classcms Project | 1 Classcms | 2024-11-21 | 3.5 Low |
| A vulnerability was found in ClassCMS 4.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/?action=home&do=shop:index&keyword=&kind=all. The manipulation of the argument order leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271987. | ||||
| CVE-2024-6907 | 1 Jkev | 1 Record Management System | 2024-11-21 | 3.5 Low |
| A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file sort.php. The manipulation of the argument sort leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271932. | ||||
| CVE-2024-6892 | 1 Journyx | 1 Journyx | 2024-11-21 | 6.1 Medium |
| Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application. | ||||
| CVE-2024-6742 | 1 Space Management System Project | 1 Space Management System | 2024-11-21 | 5.4 Medium |
| AguardNet Technology's Space Management System does not properly filter user input, allowing remote attackers with regular privileges to inject JavaScript and perform Reflected Cross-site scripting attacks. | ||||
| CVE-2024-6740 | 1 Openfind | 1 Mail2000 | 2024-11-21 | 6.1 Medium |
| Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks. | ||||
| CVE-2024-6706 | 2 Debian, Openwebui | 2 Debian Linux, Open Webui | 2024-11-21 | 6.3 Medium |
| Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page. | ||||
| CVE-2024-6650 | 1 Oretnom23 | 1 Employee And Visitor Gate Pass Logging System | 2024-11-21 | 2.4 Low |
| A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this issue is the function save_designation of the file /classes/Master.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271058 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-6629 | 1 Plugins360 | 1 All-in-one Video Gallery | 2024-11-21 | 6.4 Medium |
| The All-in-One Video Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video shortcode in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-6578 | 1 Aimstack | 1 Aim | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the `dangerouslySetInnerHTML` function in React, which is susceptible to XSS attacks. An attacker can exploit this vulnerability by injecting malicious scripts into the logs, which will be executed when a user views the logs-tab. | ||||