CVE-2024-49233

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MadrasThemes MAS Elementor mas-addons-for-elementor allows DOM-Based XSS.This issue affects MAS Elementor: from n/a through = 1.1.6...

CVE-2024-49232 WordPress El mejor Cluster plugin <= 1.1.15 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in derethor El mejor Cluster mejorcluster allows DOM-Based XSS.This issue affects El mejor Cluster: from n/a through = 1.1.15...

CVE-2024-49232

CVE-2024-49232 affects WordPress plugin El mejor Cluster (versions up to 1.1.15). The issue is improper input neutralization during web page generation, enabling DOM-based XSS. Connected sources confirm the affected plugin and vulnerability class; no public details on a fixed version or patch in ...

CVE-2024-49233 WordPress MAS Elementor plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MadrasThemes MAS Elementor mas-addons-for-elementor allows DOM-Based XSS.This issue affects MAS Elementor: from n/a through = 1.1.6...

CVE-2024-49241

CVE-2024-49241 concerns the WordPress Tito plugin (versions

PT-2024-33370 · Madrasthemes · Madrasthemes Mas Elementor

Name of the Vulnerable Software and Affected Versions: MadrasThemes MAS Elementor versions 1.1.6 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. Specifically, it is a DOM-Based XSS vulnerability...

PT-2024-33369 · Unknown · El Mejor Cluster

Name of the Vulnerable Software and Affected Versions: El mejor Cluster versions 1.1.14 through 1.1.15 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for DOM-Based XSS. Recommendations: For...

Qnap QTS Cross-site Scripting (CVE-2021-28806)

A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.3.1652 Build 20210428. QNAP Systems Inc. QuTS hero versions pri...

CVE-2024-44731

Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting XSS vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections...

CVE-2024-44731

Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting XSS vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections...

CVE-2024-44731

CVE-2024-44731 concerns Mirotalk prior to commit 9de226, where a DOM-based XSS vulnerability exists. The issue allows an attacker to execute arbitrary code by sending crafted payloads in messages to other users over RTC connections. The documented root cause is a DOM-based XSS in the messaging pa...

CVE-2024-9049 Beaver Builder – WordPress Page Builder <= 2.8.3.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Group module in all versions up to, and including, 2.8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

WordPress Beaver Builder plugin <= 2.8.3.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Button Group Module vulnerability discovered by zer0gh0st in WordPress Plugin Beaver Builder versions = 2.8.3.6...

CVE-2024-46934

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting XSS. Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload...

CVE-2024-46934

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting XSS. Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload...

CVE-2024-46934

Rocket.Chat d: CVE-2024-46934 affects Rocket.Chat versions 6.12.0 and earlier. The root cause is a DOM-based Cross-site Scripting (XSS) flaw exploited via the UpdateOTRAck method to forge messages containing an XSS payload. Documented versions across multiple feeds include 6.12.0, 6.11.2, 6.10.5...

CVE-2024-46934

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting XSS. Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload...

CVE-2024-46934

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting XSS. Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload...

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2024-36911)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVE-2024-41878

Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires...