U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 229,234 matching records.
Displaying matches 281 through 300.
Vuln ID Summary CVSS Severity
CVE-2024-29791

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Reflected XSS.This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 2.01.

Published: March 27, 2024; 9:15:50 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29790

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Squirrly SEO Plugin by Squirrly SEO allows Reflected XSS.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.16.

Published: March 27, 2024; 9:15:50 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29789

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Walter Pinem OneClick Chat to Order allows Stored XSS.This issue affects OneClick Chat to Order: from n/a through 1.0.5.

Published: March 27, 2024; 9:15:49 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29788

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Web Player allows Stored XSS.This issue affects Podlove Web Player: from n/a through 5.7.1.

Published: March 27, 2024; 9:15:49 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29777

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Reflected XSS.This issue affects Forminator: from n/a through 1.29.0.

Published: March 27, 2024; 9:15:49 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29776

Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.

Published: March 27, 2024; 9:15:49 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29775

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vinoth06. Frontend Dashboard allows Stored XSS.This issue affects Frontend Dashboard: from n/a through 2.2.1.

Published: March 27, 2024; 9:15:49 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29774

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpDirectoryKit WP Directory Kit allows Reflected XSS.This issue affects WP Directory Kit: from n/a through 1.2.9.

Published: March 27, 2024; 9:15:48 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29772

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stormhill Media MyBookTable Bookstore allows Stored XSS.This issue affects MyBookTable Bookstore: from n/a through 3.3.7.

Published: March 27, 2024; 9:15:48 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29771

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress allows Stored XSS.This issue affects Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress: from n/a through 1.0.8.

Published: March 27, 2024; 9:15:48 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29770

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pretty Links Shortlinks by Pretty Links allows Reflected XSS.This issue affects Shortlinks by Pretty Links: from n/a through 3.6.2.

Published: March 27, 2024; 9:15:48 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29769

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portfolio Gallery – Image Gallery Plugin allows Stored XSS.This issue affects Portfolio Gallery – Image Gallery Plugin: from n/a through 1.5.6.

Published: March 27, 2024; 9:15:48 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29768

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra allows Stored XSS.This issue affects Astra: from n/a through 4.6.4.

Published: March 27, 2024; 9:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29767

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wobbie.Nl Doneren met Mollie allows Reflected XSS.This issue affects Doneren met Mollie: from n/a through 2.10.2.

Published: March 27, 2024; 9:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29766

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StreamWeasels StreamWeasels Twitch Integration allows Stored XSS.This issue affects StreamWeasels Twitch Integration: from n/a through 1.7.5.

Published: March 27, 2024; 9:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-28784

IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285893.

Published: March 27, 2024; 9:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27270

IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576.

Published: March 27, 2024; 9:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27091

GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GEONODE where the current rich text editor is vulnerable to Stored XSS. The applications cookies are set securely, but it is possible to retrieve a victims CSRF token and issue a request to change another user's email address to perform a full account takeover. Due to the script element not impacting the CORS policy, requests will succeed. This vulnerability is fixed in 4.2.3.

Published: March 27, 2024; 9:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-6400

Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources.This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and 23.4.

Published: March 27, 2024; 9:15:46 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-6153

Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass.This issue affects TeoBASE: through 20240327. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: March 27, 2024; 9:15:46 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)