Search Results
- Keyword (text search): XSS
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-29182 | Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could be executed by the user's browser. Users should upgrade to Collabora Online 23.05.10.1 or higher. Earlier series of Collabora Online, 22.04, 21.11, etc. are unaffected. Published: April 04, 2024; 11:15:38 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2692 | SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS. Published: April 03, 2024; 10:15:06 PM -0400 | V3.1: 9.6 CRITICAL V2.0:(not available) |
CVE-2024-3181 | Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting. Published: April 03, 2024; 4:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-3180 | Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 are vulnerable to Stored XSS in blocks of type file. Prior to the fix, stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting. Published: April 03, 2024; 3:15:44 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-3179 | Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting. Published: April 03, 2024; 3:15:44 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2753 | Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS on the calendar color settings screen since information input by the user is output without escaping. A rogue administrator could inject malicious JavaScript into the Calendar Color Settings screen which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.0 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N&version=3.1 https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator Thank you Rikuto Tauchi for reporting. Published: April 03, 2024; 3:15:43 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31109 | Cross-Site Request Forgery (CSRF) vulnerability in Toastie Studio Woocommerce Social Media Share Buttons allows Stored XSS. This issue affects Woocommerce Social Media Share Buttons: from n/a through 1.3.0. Published: April 02, 2024; 2:15:12 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31105 | Cross-Site Request Forgery (CSRF) vulnerability in Adam Bowen Tax Rate Upload allows Reflected XSS. This issue affects Tax Rate Upload: from n/a through 2.4.5. Published: April 02, 2024; 2:15:12 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2435 | For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access to send a signal to a workflow is determined by how you configured the authorizer on your server. This includes any entity with permission to directly call SignalWorkflowExecution or SignalWithStartWorkflowExecution, or any entity that can deploy a worker that has access to call workflow progress APIs (specifically RespondWorkflowTaskCompleted). Published: April 02, 2024; 1:15:46 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-25080 | WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attachment viewer. Published: April 01, 2024; 5:15:50 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27609 | Bonita before 2023.2-u2 allows stored XSS via a UI screen in the administration panel. Published: March 31, 2024; 8:15:49 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31104 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GetResponse GetResponse for WordPress allows Stored XSS. This issue affects GetResponse for WordPress: from n/a through 5.5.33. Published: March 31, 2024; 4:15:14 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31103 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kanban for WordPress Kanban Boards for WordPress allows Reflected XSS. This issue affects Kanban Boards for WordPress: from n/a through 2.5.21. Published: March 31, 2024; 4:15:14 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31102 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scimone Ignazio Prenotazioni allows Stored XSS. This issue affects Prenotazioni: from n/a through 1.7.4. Published: March 31, 2024; 4:15:13 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31101 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech AI Twitter Feeds (Twitter widget & shortcode) allows Stored XSS. This issue affects AI Twitter Feeds (Twitter widget & shortcode): from n/a through 2.4. Published: March 31, 2024; 4:15:13 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31097 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stephan Spencer SEO Title Tag allows Reflected XSS. This issue affects SEO Title Tag: from n/a through 3.5.9. Published: March 31, 2024; 4:15:13 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31092 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Philip M. Hofer (Frumph) Comic Easel allows Reflected XSS. This issue affects Comic Easel: from n/a through 1.15. Published: March 31, 2024; 4:15:13 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31091 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SparkWeb Interactive, Inc. Custom Field Bulk Editor allows Reflected XSS. This issue affects Custom Field Bulk Editor: from n/a through 1.9.1. Published: March 31, 2024; 4:15:13 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31090 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 荒野无灯 Hacklog Down As PDF allows Reflected XSS. This issue affects Hacklog Down As PDF: from n/a through 2.3.6. Published: March 31, 2024; 4:15:12 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-31089 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Techblissonline.Com (Rajesh) Platinum SEO allows Stored XSS. This issue affects Platinum SEO: from n/a through 2.4.0. Published: March 31, 2024; 4:15:12 PM -0400 | V3.x:(not available) V2.0:(not available) |