Total
34410 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-51495 | 1 Librenms | 1 Librenms | 2024-11-20 | 4.8 Medium |
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "overwrite_ip" parameter when editing a device. This vulnerability results in the execution of malicious code when the device overview page is visited, potentially compromising the accounts of other users. This vulnerability is fixed in 24.10.0. | ||||
CVE-2024-51494 | 1 Librenms | 1 Librenms | 2024-11-20 | 4.8 Medium |
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when editing a device's port settings. This vulnerability can lead to the execution of malicious code when the "Port Settings" page is visited, potentially compromising the user's session and allowing unauthorized actions. This vulnerability is fixed in 24.10.0. | ||||
CVE-2024-49758 | 1 Librenms | 1 Librenms | 2024-11-20 | 4.8 Medium |
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A user with the Admin role can add Notes to a device. The application did not properly sanitize this user input: when the ExamplePlugin is enabled, JavaScript code inside the device's Notes is triggered. This vulnerability is fixed in 24.10.0. | ||||
CVE-2024-49759 | 1 Librenms | 1 Librenms | 2024-11-20 | 4.8 Medium |
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Manage User Access" page allows authenticated users to inject arbitrary JavaScript through the "bill_name" parameter when creating a new bill. This vulnerability can lead to the execution of malicious code when visiting the "Bill Access" dropdown in the user's "Manage Access" page, potentially compromising user sessions and allowing unauthorized actions. This vulnerability is fixed in 24.10.0. | ||||
CVE-2024-49764 | 1 Librenms | 1 Librenms | 2024-11-20 | 4.8 Medium |
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" parameter when creating a new device. This vulnerability results in the execution of malicious code when the "Capture Debug Information" page is visited, redirecting the user and sending non-httponly cookies to an attacker-controlled domain. This vulnerability is fixed in 24.10.0. | ||||
CVE-2024-50350 | 1 Librenms | 1 Librenms | 2024-11-20 | 4.8 Medium |
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating a new Port Group. This vulnerability results in the execution of malicious code when the "Port Settings" page is visited after the affected Port Group is added to a device, potentially compromising user sessions and allowing unauthorized actions. This vulnerability is fixed in 24.10.0. | ||||
CVE-2024-50355 | 1 Librenms | 1 Librenms | 2024-11-20 | 4.8 Medium |
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A user with the Admin role can edit the Display Name of a device. The application did not properly sanitize the user input in the device Display Name: if JavaScript code is inside the Display Name, it can be triggered from different sources. This vulnerability is fixed in 24.10.0. | ||||
CVE-2024-52526 | 1 Librenms | 1 Librenms | 2024-11-20 | 4.8 Medium |
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0. | ||||
CVE-2024-51824 | | | 2024-11-20 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sony7596, mrseankumar25, miraclewebssoft Advanced Video Player with Analytics allows DOM-Based XSS. This issue affects Advanced Video Player with Analytics: from n/a through 1. | ||||
CVE-2024-50352 | 1 Librenms | 1 Librenms | 2024-11-20 | 4.8 Medium |
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" section of the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0. | ||||
CVE-2024-51822 | | | 2024-11-20 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Keon Themes Creative Blocks allows Stored XSS. This issue affects Creative Blocks: from n/a through 1.0.1. | ||||
CVE-2024-51936 | | | 2024-11-20 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Henry ESB Testimonials allows Stored XSS. This issue affects ESB Testimonials: from n/a through 1.0.0. | ||||
CVE-2024-51935 | | | 2024-11-20 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sam Perrow Fast Video and Image Display allows DOM-Based XSS. This issue affects Fast Video and Image Display: from n/a through 2.5.2. | ||||
CVE-2024-51930 | | | 2024-11-20 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jie Wang Custom URL Shortener allows Stored XSS. This issue affects Custom URL Shortener: from n/a through 0.3.6. | ||||
CVE-2024-51929 | | | 2024-11-20 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Spectrum Icon Widget allows DOM-Based XSS. This issue affects Icon Widget: from n/a through 1.1.0. | ||||
CVE-2024-51928 | | | 2024-11-20 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jakir Hasan Blocks Post Grid allows DOM-Based XSS. This issue affects Blocks Post Grid: from n/a through 1.0.3. | ||||
CVE-2024-51927 | | | 2024-11-20 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codember Rig Elements For Elementor allows DOM-Based XSS. This issue affects Rig Elements For Elementor: from n/a through 1.0. | ||||
CVE-2024-51926 | | | 2024-11-20 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpsoul GreenCon allows Stored XSS. This issue affects GreenCon: from n/a through 1.0.1. | ||||
CVE-2024-51913 | | | 2024-11-20 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapme Mapme allows Stored XSS. This issue affects Mapme: from n/a through 1.3.2. | ||||
CVE-2024-51912 | | | 2024-11-20 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lilaea Media IntelliWidget Elements allows DOM-Based XSS. This issue affects IntelliWidget Elements: from n/a through 2.2.7. | ||||