Latest CVE Feed
- 5.4 MEDIUM CVE-2024-44919
  A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad description parameter....
  - Affected Products: seacms
  - Published: Aug. 29, 2024
  - Modified: Sep. 06, 2024
- 5.4 MEDIUM CVE-2024-8328
  Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary JavaScript code and perform Reflected Cross-site scr...
  - Affected Products: easy_test_online_learning_and_testing_platform
  - Published: Aug. 30, 2024
  - Modified: Sep. 04, 2024
- 5.4 MEDIUM CVE-2024-6585
  Multiple stored cross-site scripting ("XSS") vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allow remote authenticated threat actors to inject malicious scripts into vulnerable web pages. A thr...
  - Affected Products:
  - Published: Aug. 30, 2024
  - Modified: Sep. 03, 2024
- 5.4 MEDIUM CVE-2024-43412
  Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute arbitrary JavaScript via the file preview function. Use...
  - Affected Products: xibo
  - Published: Sep. 03, 2024
  - Modified: Sep. 12, 2024
- 5.4 MEDIUM CVE-2024-8121
  The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name() function in all versions up to, and including, 3.0.8. This ma...
  - Affected Products: wp_extended
  - Published: Sep. 04, 2024
  - Modified: Sep. 06, 2024
- 5.4 MEDIUM CVE-2024-8407
  A vulnerability was found in alwindoss akademy up to 35caccea888ed63d5489e211c99edff1f62efdba. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file cmd/akademy/handler/handlers.go. The manipulation of...
  - Affected Products: akademy
  - Published: Sep. 04, 2024
  - Modified: Sep. 05, 2024
- 5.4 MEDIUM CVE-2024-45177
  An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper input validation, the C-MOR web interface is vulnerable to persistent cross-site scripting (XSS) attacks. It was found out that the camera configuration i...
  - Affected Products:
  - Published: Sep. 04, 2024
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2024-5309
  The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analyt...
  - Affected Products: form_vibes
  - Published: Sep. 05, 2024
  - Modified: Sep. 11, 2024
- 5.4 MEDIUM CVE-2024-44837
  A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user parameter....
  - Affected Products: drug
  - Published: Sep. 06, 2024
  - Modified: Sep. 12, 2024
- 5.4 MEDIUM CVE-2024-6859
  The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perf...
  - Affected Products: wp_multitasking
  - Published: Sep. 08, 2024
  - Modified: Sep. 11, 2024
- 5.4 MEDIUM CVE-2024-5416
  The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter of multiple widgets in all versions up to, and including, 3.23.4 due to insufficient input sanitization a...
  - Affected Products: website_builder
  - Published: Sep. 11, 2024
  - Modified: Sep. 26, 2024
- 5.4 MEDIUM CVE-2020-24061
  Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script...
  - Published: Sep. 12, 2024
  - Modified: Sep. 13, 2024
- 5.4 MEDIUM CVE-2023-3410
  The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacke...
  - Affected Products: bricks
  - Published: Sep. 14, 2024
  - Modified: Sep. 27, 2024
- 5.4 MEDIUM CVE-2024-8863
  A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site...
  - Affected Products: aim
  - Published: Sep. 14, 2024
  - Modified: Sep. 20, 2024
- 5.4 MEDIUM CVE-2024-39910
  decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSIWYG editor QuillJS is subject to potential XSS attack in case the attacker manages to modify the HTML before being upload...
  - Affected Products: decidim
  - Published: Sep. 16, 2024
  - Modified: Sep. 29, 2024
- 5.4 MEDIUM CVE-2016-9986
  IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis...
  - Affected Products: jazz_reporting_service
  - EPSS Score: 0.27%
  - Published: Jul. 05, 2017
  - Modified: Apr. 20, 2025
- 5.4 MEDIUM CVE-2016-9987
  IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis...
  - Affected Products: jazz_reporting_service
  - EPSS Score: 0.27%
  - Published: Jul. 05, 2017
  - Modified: Apr. 20, 2025
- 5.4 MEDIUM CVE-2016-9988
  IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis...
  - Affected Products: jazz_reporting_service
  - EPSS Score: 0.27%
  - Published: Jul. 05, 2017
  - Modified: Apr. 20, 2025
- 5.4 MEDIUM CVE-2016-9989
  IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis...
  - Affected Products: jazz_reporting_service
  - EPSS Score: 0.27%
  - Published: Jul. 05, 2017
  - Modified: Apr. 20, 2025
- 5.4 MEDIUM CVE-2021-24897
  The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field (available only with classic editor) when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...
  - Affected Products: add_subtitle
  - EPSS Score: 0.17%
  - Published: Mar. 14, 2022
  - Modified: Nov. 21, 2024