Total: 34046 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-44820 | 1 Zzcms | 1 Zzcms | 2024-09-04 | 7.5 High |
A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the eginfo.php file located at /3/E_bak5.1/upload/. When accessed with the query parameter phome=ShowPHPInfo, the application executes the phpinfo() function, which exposes detailed information about the PHP environment, including server configuration, loaded modules, and environment variables. | ||||
CVE-2024-45046 | 2 Phpoffice, Phpspreadsheet Project | 2 Phpspreadsheet, Phpspreadsheet | 2024-09-04 | 5.4 Medium |
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. In affected versions `\PhpOffice\PhpSpreadsheet\Writer\Html` doesn't sanitize spreadsheet styling information such as font names, allowing an attacker to inject arbitrary JavaScript on the page. As a result an attacker may use a crafted spreadsheet to fully take over a session of a user viewing spreadsheet files as HTML. This issue has been addressed in release version 2.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2024-8328 | 1 Easy Test Online Learning And Testing Platform Project | 1 Easy Test Online Learning And Testing Platform | 2024-09-04 | 5.4 Medium |
Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary JavaScript code and perform Reflected Cross-site scripting attacks. | ||||
CVE-2024-44684 | 1 Tpmecms | 1 Tpmecms | 2024-09-04 | 6.1 Medium |
TpMeCMS 1.3.3.2 is vulnerable to Cross Site Scripting (XSS) in /h.php/page?ref=addtabs via the "Title," "Images," and "Content" fields. | ||||
CVE-2024-44683 | 1 Seacms | 1 Seacms | 2024-09-04 | 6.1 Medium |
Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php. | ||||
CVE-2024-44682 | 1 Shopxo | 1 Shopxo | 2024-09-04 | 6.1 Medium |
ShopXO 6.2 is vulnerable to Cross Site Scripting (XSS) in the backend that allows attackers to execute code by changing POST parameters. | ||||
CVE-2024-41349 | 1 Cdevroe | 1 Unmark | 2024-09-04 | 6.1 Medium |
unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via application/views/marks/add_by_url.php. | ||||
CVE-2024-41371 | 1 Organizr | 1 Organizr | 2024-09-04 | 6.1 Medium |
Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php. | ||||
CVE-2024-41358 | 1 Phpipam | 1 Phpipam | 2024-09-04 | 6.1 Medium |
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php. | ||||
CVE-2024-41351 | 1 Baijunyao | 2 Bjyadmin, Thinkphp-bjyadmin | 2024-09-04 | 6.1 Medium |
bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/getContent.php | ||||
CVE-2024-41350 | 1 Baijunyao | 2 Bjyadmin, Thinkphp-bjyadmin | 2024-09-04 | 6.1 Medium |
bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/imageUp.php | ||||
CVE-2024-41348 | 1 Jpatokal | 1 Openflights | 2024-09-04 | 6.1 Medium |
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php | ||||
CVE-2024-41347 | 1 Jpatokal | 1 Openflights | 2024-09-04 | 6.1 Medium |
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php | ||||
CVE-2024-41346 | 1 Jpatokal | 1 Openflights | 2024-09-04 | 6.1 Medium |
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php | ||||
CVE-2024-44920 | 1 Seacms | 1 Seacms | 2024-09-04 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter. | ||||
CVE-2024-8004 | 2 3ds, Dassault | 4 3dexperience Enovia, 3dswymer 3dexperience 2022, 3dswymer 3dexperience 2023 and 1 more | 2024-09-04 | 8.7 High |
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in a user's browser session. | ||||
CVE-2024-7938 | 2 3ds, Dassault | 3 3dexperience, 3dswymer 3dexperience 2023, 3dswymer 3dexperience 2024 | 2024-09-04 | 8.7 High |
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in a user's browser session. | ||||
CVE-2024-38858 | 1 Checkmk | 1 Checkmk | 2024-09-04 | 6.1 Medium |
Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view. | ||||
CVE-2024-5024 | 1 Memberpress | 1 Memberpress | 2024-09-04 | 6.1 Medium |
The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mepr_screenname' and 'mepr_key' parameters in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
CVE-2024-4401 | 1 Wpvibes | 1 Elementor Addon Elements | 2024-09-04 | 6.4 Medium |
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'eae_slider_animation' parameters in all versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |