6239 matches found

OSV
added 2025/01/06 4:15 p.m. · 3 views

CVE-2024-31914

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...

6.4 CVSS · 5.5 AI score · 0.00236 EPSS
Exploits 0 · References 1
OSV
added 2025/01/03 5:17 p.m. · 16 views

CVE-2024-56410 PhpSpreadsheet has Cross-Site Scripting (XSS) vulnerability in custom properties

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability in custom properties. The HTML page is generated without clearing custom properties. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7...

4.8 CVSS · 5.6 AI score · 0.00316 EPSS
Exploits 1 · References 4
NVD
added 2025/01/02 10:15 a.m. · 7 views

CVE-2024-56032

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FolioVision FV Descriptions fv-descriptions allows Reflected XSS. This issue affects FV Descriptions: from n/a through = 1.4...

7.1 CVSS · 0.0025 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/01/02 9:23 a.m. · 4 views

CVE-2024-56028 WordPress Lemonade Social Networks Autoposter Pinterest plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lemonade Coding Studio Lemonade Social Networks Autoposter Pinterest allows Reflected XSS. This issue affects Lemonade Social Networks Autoposter Pinterest: from n/a through 2.0...

7.1 CVSS · 7 AI score · 0.0025 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/01/02 6:0 a.m. · 7 views

CVE-2024-12595 AHAthat Plugin <= 1.6 - Reflected XSS via REQUEST_URI

The AHAthat Plugin WordPress plugin through 1.6 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

4.7 AI score · 0.0031 EPSS
Exploits 1 · References 1
Vulnrichment
added 2024/12/31 8:31 p.m. · 10 views

CVE-2024-13081 PHPGurukul Land Record System contactus.php cross site scripting

A vulnerability was found in PHPGurukul Land Record System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/contactus.php. The manipulation of the argument Page Description leads to cross site scripting. The attack can be initiated remotely. The...

5.3 CVSS · 6.6 AI score · 0.0031 EPSS
Exploits 0 · References 4
NVD
added 2024/12/31 6:15 p.m. · 12 views

CVE-2024-13076

A vulnerability, which was classified as problematic, has been found in PHPGurukul Land Record System 1.0. This issue affects some unknown processing of the file /admin/edit-propertytype.php. The manipulation of the argument Property Type leads to cross site scripting. The attack may be initiated...

5.4 CVSS · 0.00341 EPSS
Exploits 1 · References 4
NVD
added 2024/12/31 11:15 a.m. · 12 views

CVE-2024-56265

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpweb WooCommerce PDF Vouchers woocommerce-pdf-vouchers allows Reflected XSS. This issue affects WooCommerce PDF Vouchers: from n/a through 4.9.9...

7.1 CVSS · 0.00271 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/12/31 10:16 a.m. · 5 views

CVE-2024-56235 WordPress Coupon plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coupon Plugin Coupon allows DOM-Based XSS. This issue affects Coupon: from n/a through 1.2.1...

6.5 CVSS · 6.9 AI score · 0.00222 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/12/30 9:46 a.m. · 6 views

CVE-2024-47920 Tiki Wiki CMS – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Tiki Wiki CMS – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

7.5 CVSS · 7.6 AI score · 0.00496 EPSS
Exploits 0 · References 1
OSV
added 2024/12/27 10:15 p.m. · 7 views

CVE-2024-54775

Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions...

4.8 CVSS · 5.8 AI score
Exploits 0 · References 1
Cvelist
added 2024/12/27 12:0 a.m. · 11 views

CVE-2024-54774

Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create...

0.00309 EPSS
Exploits 1 · References 1
Cvelist
added 2024/12/27 12:0 a.m. · 12 views

CVE-2024-54775

Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions...

0.00259 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/12/23 12:0 a.m. · 2 views

PT-2024-34525

Name of the Vulnerable Software and Affected Versions: Pnetlab version 5.3.11
Description: A Cross-Site Scripting (XSS) issue allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser. This enables the attacker to potentially steal...

4.1 CVSS · 5.5 AI score · 0.0031 EPSS
Exploits 2 · References 8
CVE
added 2024/12/22 8:0 a.m. · 53 views

CVE-2024-12893

Portabilis i-Educar up to version 2.9 is affected by a cross-site scripting (XSS) vulnerability in the Tipo de Usuário Page, specifically via manipulation of the name argument to /usuarios/tipos/2. The issue affects an unknown functionality and can be triggered remotely; public exploits have been...

5.4 CVSS · 3.4 AI score · 0.00463 EPSS
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2024/12/21 12:0 a.m. · 2 views

PT-2024-17716 · WordPress · Real.Kit Plugin

Name of the Vulnerable Software and Affected Versions: real.Kit plugin for WordPress versions up to and including 5.1.1
Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers with...

6.4 CVSS · 8.1 AI score · 0.00266 EPSS
Exploits 0 · References 7
Positive Technologies
added 2024/12/21 12:0 a.m. · 2 views

PT-2024-16813 · WordPress · Multi-Column Tag Map

Name of the Vulnerable Software and Affected Versions: Multi-column Tag Map plugin for WordPress versions up to, and including, 17.0.33
Description: The issue is related to Stored Cross-Site Scripting via the plugin's mctagmap shortcode due to insufficient input sanitization and output escaping o...

6.4 CVSS · 8 AI score · 0.00434 EPSS
Exploits 0 · References 10
NVD
added 2024/12/20 9:15 p.m. · 10 views

CVE-2024-40875

There is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.52. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator logs in. Attack...

5.9 CVSS · 0.00292 EPSS
Exploits 0 · References 1
Cvelist
added 2024/12/20 8:24 p.m. · 19 views

CVE-2024-56357 Cross-site Scripting vulnerability through custom widget URLs and form redirect URLs in grist-core

grist-core is a spreadsheet hosting server. A user visiting a malicious document or submitting a malicious form could have their account compromised, because it was possible to use the javascript: scheme with custom widget URLs and form redirect URLs. This issue has been patched in version 1.3.1...

8.1 CVSS · 0.00309 EPSS
Exploits 0 · References 2
NVD
added 2024/12/20 8:15 p.m. · 8 views

CVE-2024-12842

A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclose...

6.9 CVSS · 0.00388 EPSS
Exploits 1 · References 3