Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-29183 |
OpenRASP is a RASP solution that directly integrates its protection engine into the application server by instrumentation. There exists a reflected XSS in the /login page due to a reflection of the redirect parameter. This allows an attacker to execute arbitrary javascript with the permissions of a user after the user logins with their account. Published: April 19, 2024; 12:15:10 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-29029 |
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file. Published: April 19, 2024; 12:15:09 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-3654 |
An XSS vulnerability has been found in Teimas Global's Teixo, version 1.42.42-stable. This vulnerability could allow an attacker to send a specially crafted JavaScript payload via the "seconds" parameter in the program's URL, resulting in a possible takeover of a registered user's session. Published: April 19, 2024; 9:15:13 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-2761 |
The Genesis Blocks WordPress plugin before 3.1.3 does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks. Published: April 19, 2024; 1:15:49 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-27306 |
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade. Published: April 18, 2024; 11:15:29 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32553 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in looks_awesome Superfly Menu allows Stored XSS.This issue affects Superfly Menu: from n/a through 5.0.25. Published: April 18, 2024; 7:15:38 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32552 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tagbox Taggbox allows Stored XSS.This issue affects Taggbox: from n/a through 3.2. Published: April 18, 2024; 7:15:38 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32126 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Peters Navigation menu as Dropdown Widget allows Stored XSS.This issue affects Navigation menu as Dropdown Widget: from n/a through 1.3.4. Published: April 18, 2024; 7:15:37 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-49768 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Stored XSS.This issue affects WP-FormAssembly: from n/a through 2.0.10. Published: April 18, 2024; 7:15:36 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32586 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Munir Kamal Gutenberg Block Editor Toolkit allows Stored XSS.This issue affects Gutenberg Block Editor Toolkit: from n/a through 1.40.4. Published: April 18, 2024; 6:15:14 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32585 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendWP Import Content in WordPress & WooCommerce with Excel allows Reflected XSS.This issue affects Import Content in WordPress & WooCommerce with Excel: from n/a through 4.2. Published: April 18, 2024; 6:15:14 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32584 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StandaloneTech TeraWallet – For WooCommerce allows Stored XSS.This issue affects TeraWallet – For WooCommerce: from n/a through 1.5.0. Published: April 18, 2024; 6:15:14 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32583 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Reflected XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.21. Published: April 18, 2024; 6:15:13 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32582 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager allows Stored XSS.This issue affects Debug Log Manager: from n/a through 2.3.1. Published: April 18, 2024; 6:15:13 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32581 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lenderd Mortgage Calculators WP allows Stored XSS.This issue affects Mortgage Calculators WP: from n/a through 1.56. Published: April 18, 2024; 6:15:13 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32580 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Master Slider allows Stored XSS.This issue affects Master Slider: from n/a through 3.9.8. Published: April 18, 2024; 6:15:13 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32579 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GloriaFood Restaurant Menu – Food Ordering System – Table Reservation allows Stored XSS.This issue affects Restaurant Menu – Food Ordering System – Table Reservation: from n/a through 2.4.1. Published: April 18, 2024; 6:15:13 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32578 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Slider by 10Web allows Reflected XSS.This issue affects Slider by 10Web: from n/a through 1.2.54. Published: April 18, 2024; 6:15:12 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32577 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeboxr Team CBX Bookmark & Favorite cbxwpbookmark allows Stored XSS.This issue affects CBX Bookmark & Favorite: from n/a through 1.7.20. Published: April 18, 2024; 6:15:12 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32576 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking Algorithms BA Book Everything allows Stored XSS.This issue affects BA Book Everything: from n/a through 1.6.8. Published: April 18, 2024; 6:15:12 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |