Export limit exceeded: 45946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38858 | 1 Checkmk | 1 Checkmk | 2024-09-04 | 6.1 Medium |
| Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view. | ||||
| CVE-2024-43921 | 1 Magic-post-thumbnail | 1 Magic Post Thumbnail | 2024-09-04 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Magic Post Thumbnail allows Reflected XSS.This issue affects Magic Post Thumbnail: from n/a through 5.2.9. | ||||
| CVE-2024-43920 | 1 Jegstudio | 1 Gutenverse | 2024-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS.This issue affects Gutenverse: from n/a through 1.9.4. | ||||
| CVE-2024-8366 | 1 Code-projects | 1 Pharmacy Management System | 2024-09-04 | 4.3 Medium |
| A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?id=userProfileEdit of the component Update My Profile Page. The manipulation of the argument fname/lname/email with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7942 | 2 Rems, Sourcecodester | 2 Leads Manager Tool, Leads Manager Tool | 2024-09-03 | 3.5 Low |
| A vulnerability has been found in SourceCodester Leads Manager Tool 1.0 and classified as problematic. This vulnerability affects unknown code of the file update-leads.php. The manipulation of the argument phone_number leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-41697 | 1 Priority-software | 1 Priority | 2024-09-03 | 6.1 Medium |
| Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | ||||
| CVE-2024-41241 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-09-03 | 4.8 Medium |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/admin_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter. | ||||
| CVE-2024-40473 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2024-09-03 | 5.4 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability was found in "manage_houses.php" in SourceCodester Best House Rental Management System v1.0. It allows remote attackers to execute arbitrary code via "House_no" and "Description" parameter fields. | ||||
| CVE-2024-44778 | 1 Vtiger | 1 Vtiger Crm | 2024-09-03 | 7.4 High |
| A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | ||||
| CVE-2024-44779 | 1 Vtiger | 1 Vtiger Crm | 2024-09-03 | 7.4 High |
| A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | ||||
| CVE-2024-44777 | 1 Vtiger | 1 Vtiger Crm | 2024-09-03 | 7.4 High |
| A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | ||||
| CVE-2024-43964 | 1 Dsgvo-for-wp | 1 Dsgvo All In One For Wp | 2024-09-03 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Leithold DSGVO All in one for WP allows Stored XSS.This issue affects DSGVO All in one for WP: from n/a through 4.5. | ||||
| CVE-2024-43396 | 1 Khoj | 1 Khoj | 2024-09-03 | 5.4 Medium |
| Khoj is an application that creates personal AI agents. The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. The q parameter for the /api/automation endpoint does not get correctly sanitized when rendered on the page, resulting in the ability of users to inject arbitrary HTML/JS. This vulnerability is fixed in 1.15.0. | ||||
| CVE-2024-7814 | 2 Codeastro, Online Railway Reservation System Project | 2 Online Railway Reservation System, Online Railway Reservation System | 2024-09-03 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in CodeAstro Online Railway Reservation System 1.0. Affected is an unknown function of the file /admin/admin-add-employee.php of the component Add Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-43949 | 1 Automattic | 2 Ghacitivity, Ghactivity | 2024-09-03 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic GHActivity allows Stored XSS.This issue affects GHActivity: from n/a through 2.0.0-alpha. | ||||
| CVE-2024-43948 | 1 Dineshkarki | 2 Wp Armour, Wp Armour Extended | 2024-09-03 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26. | ||||
| CVE-2024-43946 | 1 Sktthemes | 1 Skt Blocks | 2024-09-03 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Blocks – Gutenberg based Page Builder allows Stored XSS.This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.5. | ||||
| CVE-2024-43936 | 1 Wpdeveloper | 1 Embedpress | 2024-09-03 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper EmbedPress allows Stored XSS.This issue affects EmbedPress: from n/a through 4.0.8. | ||||
| CVE-2024-43935 | 1 Wpdelicious | 1 Wp Delicious | 2024-09-03 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Delicious Delicious Recipes – WordPress Recipe Plugin allows Stored XSS.This issue affects Delicious Recipes – WordPress Recipe Plugin: from n/a through 1.6.7. | ||||
| CVE-2024-43934 | 1 Robfelty | 1 Collapsing Archives | 2024-09-03 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Robert Felty Collapsing Archives allows Stored XSS.This issue affects Collapsing Archives: from n/a through 3.0.5. | ||||