6239 matches found
CVE-2024-44001
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons. This issue affects Royal Elementor Addons: from n/a through = 1.3.982...
CVE-2024-43977 WordPress The Plus Addons for Elementor plugin <= 5.6.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder allows Stored XSS. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a...
PT-2024-27970 · Millbeck Communications · Proroute H685T-W +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: This issue occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute...
Vaultwarden Security Vulnerability
Vaultwarden is an alternative implementation of the Bitwarden server API written in Rust by Daniel García Personal Developer. A security vulnerability exists in Vaultwarden version 1.30.3, which stems from the presence of stored cross-site scripting (XSS) that allows an authenticated attacker to...
CVE-2024-44798
phpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site scripting (XSS) in /admin/pass-bwdates-reports-details.php via fromdate and todate parameters...
CVE-2024-2010
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in TE Informatics V5 allows Reflected XSS. This issue affects V5: before 6.2...
CVE-2024-6282
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-jltma-wrapper-link element in all versions up to, and including 2.0.6.4 due to insufficient input sanitization and output...
[SECURITY] [DLA 3884-1] cacti security update
Debian LTS Advisory DLA-3884-1 https://www.debian.org/lts/security/ Bastien Roucariès September 09, 2024 https://wiki.debian.org/LTS ...
CVE-2024-42020
CVE-2024-42020 is an XSS in Veeam ONE Reporter Widgets that allows HTML injection. Affected product appears to be Veeam ONE 12.x (Reporter Widgets in 12.1.0.3208 and earlier). The root cause is improper handling of widget content enabling HTML/Script execution within the UI. Impact details in sou...
CVE-2024-8521 Wavelog Live QSO qso index cross site scripting
A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index of the file /qso of the component Live QSO. The manipulation of the argument manual leads to cross site scripting. It is possible to launch the attack remotely. The exploit has...
CVE-2024-1384
The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auxrecentportfoliosgrid' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes...
Cross Site Scripting
phpoffice/phpspreadsheet is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient sanitization of spreadsheet styling information by \PhpOffice\PhpSpreadsheet\Writer\Html, which fails to remove or neutralize potentially harmful content before rendering it in HTML. It...
Kashipara Bus Ticket Reservation System Cross-Site Scripting Vulnerability (CNVD-2024-38206)
Kashipara Bus Ticket Reservation System is a bus reservation system from Kashipara. A cross-site scripting vulnerability exists in Kashipara Bus Ticket Reservation System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in /adminschedule.php, and can be...
Kashipara Hotel Management System Cross-Site Scripting Vulnerability
Kashipara Hotel Management System is a hotel management system from Kashipara. A cross-site scripting vulnerability exists in Kashipara Hotel Management System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the useremail parameter of...
Kashipara Hotel Management System Cross-Site Scripting Vulnerability (CNVD-2024-37413)
Kashipara Hotel Management System is a hotel management system from Kashipara. A cross-site scripting vulnerability exists in Kashipara Hotel Management System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the userfname and userlname parameters of...
Kashipara Hotel Management System Cross-Site Scripting Vulnerability (CNVD-2024-37411)
Kashipara Hotel Management System is a hotel management system from Kashipara. A cross-site scripting vulnerability exists in Kashipara Hotel Management System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the roomname parameter of...
Kashipara Music Management System Cross-Site Scripting Vulnerability (CNVD-2024-37432)
Kashipara Music Management System is a music management system from Kashipara. A cross-site scripting vulnerability exists in Kashipara Music Management System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the page parameter of...
Kashipara Music Management System Cross-Site Scripting Vulnerability (CNVD-2024-37431)
Kashipara Music Management System is a music management system from Kashipara. A cross-site scripting vulnerability exists in Kashipara Music Management System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the title and description parameters of...
Kashipara Music Management System Cross-Site Scripting Vulnerability (CNVD-2024-37430)
Kashipara Music Management System is a music management system from Kashipara. A cross-site scripting vulnerability exists in Kashipara Music Management System v1.0, which originates from the lack of effective filtering and escaping of the "title" and "action=savemusic" parameters lack effective...
CVE-2024-41358
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php...