Search Results
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-2634 | A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint '/sse_generico/generico_login.jsp' is vulnerable to XSS attack via 'lang' query, i.e. '/sse_generico/generico_login.jsp?lang=%27%3balert(%27BLEUSS%27)%2f%2f&params='. Published: March 19, 2024; 8:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2633 | A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint '/sitetest/english/dumpenv.jsp' is vulnerable to XSS attack by 'lang' query, i.e. '/sitetest/english/dumpenv.jsp?snoop=yes&lang=%27%3Cimg%20src/onerror=alert(1)%3E&params'. Published: March 19, 2024; 8:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-7085 | The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Published: March 18, 2024; 3:15:06 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27914 | GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if the administrator navigates through the debug bar. This issue has been patched in version 10.0.13. Published: March 18, 2024; 1:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27104 | GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject to an XSS attack. This issue has been patched in version 10.0.13. Published: March 18, 2024; 1:15:06 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29154 | danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText. Published: March 18, 2024; 2:15:06 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27757 | flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024." Published: March 18, 2024; 12:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27961 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codekraft AntiSpam for Contact Form 7 allows Reflected XSS. This issue affects AntiSpam for Contact Form 7: from n/a through 0.6.0. Published: March 17, 2024; 1:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27960 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution Email Subscription Popup allows Stored XSS. This issue affects Email Subscription Popup: from n/a through 1.2.20. Published: March 17, 2024; 1:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27959 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpexpertsio WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management allows Reflected XSS. This issue affects WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management: from n/a through 4.2.9. Published: March 17, 2024; 1:15:06 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27958 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Reflected XSS. This issue affects Visualizer: from n/a through 3.10.5. Published: March 17, 2024; 1:15:06 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27197 | Cross-Site Request Forgery (CSRF) vulnerability in Bee BeePress allows Stored XSS. This issue affects BeePress: from n/a through 6.9.8. Published: March 15, 2024; 10:15:08 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27195 | Cross-Site Request Forgery (CSRF) vulnerability in Sandi Verdev Watermark RELOADED allows Stored XSS. This issue affects Watermark RELOADED: from n/a through 1.3.5. Published: March 15, 2024; 10:15:08 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27194 | Cross-Site Request Forgery (CSRF) vulnerability in Andrei Ivasiuc Fontific \| Google Fonts allows Stored XSS. This issue affects Fontific \| Google Fonts: from n/a through 0.1.6. Published: March 15, 2024; 10:15:08 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-25597 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Ultimate Reviews allows Stored XSS. This issue affects Ultimate Reviews: from n/a through 3.2.8. Published: March 15, 2024; 10:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-25596 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder for WooCommerce allows Stored XSS. This issue affects Doofinder for WooCommerce: from n/a through 2.1.8. Published: March 15, 2024; 10:15:07 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-25593 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS. This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.5. Published: March 15, 2024; 10:15:07 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-25592 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Broken Link Checker allows Stored XSS. This issue affects Broken Link Checker: from n/a through 2.2.3. Published: March 15, 2024; 10:15:07 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27196 | Cross Site Scripting (XSS) vulnerability in Joel Starnes postMash – custom post order allows Reflected XSS. This issue affects postMash – custom post order: from n/a through 1.2.0. Published: March 15, 2024; 9:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27193 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PayU PayU India allows Reflected XSS. This issue affects PayU India: from n/a through 3.8.2. Published: March 15, 2024; 9:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |