Lucene search
K

6252 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:42 a.m.8 views

CVE-2024-37558

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Nazmul Hossain Nihal WPFavicon allows Stored XSS.This issue affects WPFavicon: from n/a through 2.1.1...

5.9CVSS6.8AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:42 a.m.6 views

CVE-2024-37392

A stored Cross-Site Scripting XSS vulnerability has been identified in SMSEagle software version 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SM...

6.1CVSS5.5AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:41 a.m.6 views

CVE-2024-55541

Stored cross-site scripting XSS vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 39169...

6.1CVSS5.6AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:35 a.m.9 views

CVE-2024-13670

The Music Sheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pnmsv' shortcode in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:32 a.m.10 views

CVE-2024-40111

A persistent stored cross-site scripting XSS vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...

4.8CVSS5.4AI score0.00769EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:31 a.m.7 views

CVE-2024-40484

A Reflected Cross Site Scripting XSS vulnerability was found in "/oahms/search.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter...

6.1CVSS6.1AI score0.00625EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:25 a.m.8 views

CVE-2024-0898

The Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This mak...

4.8CVSS5.8AI score0.00398EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:21 a.m.5 views

CVE-2024-44771

BigId PrivacyPortal v179 is vulnerable to Cross Site Scripting XSS via the "Label" field in the Report template function...

6.1CVSS6AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:20 a.m.5 views

CVE-2024-44040

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in plainware ShiftController Employee Shift Scheduling shiftcontroller allows Stored XSS.This issue affects ShiftController Employee Shift Scheduling: from n/a through = 4.9.64...

5.9CVSS5.9AI score0.00251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:12 a.m.7 views

CVE-2024-35768

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiveComposer Page Builder: Live Composer live-composer-page-builder allows DOM-Based XSS.This issue affects Page Builder: Live Composer: from n/a through = 2.1.13...

5.9CVSS5.8AI score0.00318EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:8 a.m.7 views

CVE-2024-56923

Stored Cross-Site Scripting XSS Vulnerability in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.3.1 = 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a malicious payload into the Name field of a subscription. The...

5.4CVSS5.9AI score0.00295EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:52 a.m.11 views

CVE-2024-53481

A Cross Site Scripting XSS vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters...

6.1CVSS6.5AI score0.00511EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:43 a.m.7 views

CVE-2024-40727

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/add/...

6.1CVSS5.9AI score0.00353EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:43 a.m.8 views

CVE-2024-11660

A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file usuario.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed...

5.4CVSS6.2AI score0.00556EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:41 a.m.10 views

CVE-2024-52763

A cross-site scripting XSS vulnerability in the component /graphallperiods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter...

5.4CVSS5.7AI score0.00628EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:40 a.m.4 views

CVE-2024-51854

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in holanetworks Hola Free Video Player hola-free-video-player allows DOM-Based XSS.This issue affects Hola Free Video Player: from n/a through = 1.3.9...

6.5CVSS7.2AI score0.00374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:40 a.m.7 views

CVE-2024-51896

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly Magic Slider magic-slider allows Stored XSS.This issue affects Magic Slider: from n/a through = 1.3...

6.5CVSS7.2AI score0.00302EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:39 a.m.4 views

CVE-2024-51838

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in smajda Pull This pull-this allows DOM-Based XSS.This issue affects Pull This: from n/a through = 1.1...

6.5CVSS7.2AI score0.00374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:28 a.m.7 views

CVE-2024-6942

A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Affected is an unknown function of the file app/system/action/anti.php of the component Admin Panel Security Center. The manipulation of the argument ip/email/phone leads to cross site scripting. It is possible to...

5.4CVSS5.2AI score0.0043EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:27 a.m.9 views

CVE-2024-50990

A Reflected Cross Site Scriptng XSS vulnerability was found in /omrs/user/search.php in PHPGurukul Online Marriage Registration System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request parameter...

6.1CVSS6.4AI score0.00406EPSS
Exploits1References1
Rows per page
Query Builder