Total
43771 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9810 | 2 Jkev, Sourcecodester | 2 Record Management System, Record Management System | 2024-10-15 | 3.5 Low |
| A vulnerability was found in SourceCodester Record Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file sort2_user.php. The manipulation of the argument qualification leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9805 | 1 Code-projects | 1 Blood Bank System | 2024-10-15 | 3.5 Low |
| A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/campsdetails.php. The manipulation of the argument hospital/address/city/contact leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "hospital". | ||||
| CVE-2024-9074 | 1 Essamamdani | 1 Advanced Blocks Pro | 2024-10-15 | 6.4 Medium |
| The Advanced Blocks Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2024-38039 | 1 Esri | 1 Portal For Arcgis | 2024-10-15 | 5.4 Medium |
| There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered). | ||||
| CVE-2024-8729 | 1 Idiom | 1 Easy Social Share Buttons | 2024-10-15 | 6.1 Medium |
| The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-45127 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-11 | 4.8 Medium |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2024-47951 | 1 Jetbrains | 1 Teamcity | 2024-10-11 | 3.5 Low |
| In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings | ||||
| CVE-2024-47950 | 1 Jetbrains | 1 Teamcity | 2024-10-11 | 3.5 Low |
| In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings | ||||
| CVE-2024-45932 | 1 Webkul | 1 Krayin Crm | 2024-10-11 | 7.1 High |
| Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2. | ||||
| CVE-2024-45116 | 1 Adobe | 4 Adobe Commerce, Commerce, Commerce B2b and 1 more | 2024-10-10 | 8.1 High |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim's browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction. | ||||
| CVE-2024-45123 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-10 | 6.1 Medium |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
| CVE-2024-9445 | 1 Acekyd | 1 Display Medium Posts | 2024-10-10 | 6.4 Medium |
| The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_medium_posts shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-8804 | 1 Davidartiss | 1 Code Embed | 2024-10-10 | 6.4 Medium |
| The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-9384 | 1 Wpfactory | 1 Quantity Dynamic Pricing \& Bulk Discounts For Woocommerce | 2024-10-10 | 6.1 Medium |
| The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-9375 | 1 Techbanker | 1 Captcha Bank | 2024-10-10 | 6.1 Medium |
| The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.36. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-46300 | 2 Angeljudesuarez, Itsourcecode | 2 Placement Management System, Placement Management System | 2024-10-10 | 6.1 Medium |
| itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php. | ||||
| CVE-2024-8800 | 2 Rabbitloader, Yoginetwork | 2 Rabbitloader, Rabbitloader | 2024-10-08 | 6.1 Medium |
| The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.21.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-9242 | 1 Memberful | 1 Memberful | 2024-10-08 | 6.4 Medium |
| The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'memberful_buy_subscription_link' and 'memberful_podcasts_link' shortcodes in all versions up to, and including, 1.73.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-9435 | 1 Plainware | 1 Shiftcontroller | 2024-10-08 | 6.1 Medium |
| The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-9271 | 1 Remilia | 1 Re\ | 2024-10-08 | 6.4 Medium |
| The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||