Filtered by CWE-79
Total 34410 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-37844 2 Radix Iot, Radixiot 2 Mango Os, Mango 2024-11-05 4.7 Medium
A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-51432 1 Fiberhome 1 Hg6544c Firmware 2024-11-04 4.8 Medium
Cross Site Scripting vulnerability in FiberHome HG6544C RP2743 allows an attacker to execute arbitrary code via the SSID field in the WIFI Clients List not being sanitized
CVE-2024-41930 2024-11-04 6.1 Medium
Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product.
CVE-2024-48410 1 Camtrace 1 Camtrace 2024-11-04 6.1 Medium
Cross Site Scripting vulnerability in Camtrace v.9.16.2.1 allows a remote attacker to execute arbitrary code via the login.php.
CVE-2024-44731 2024-11-04 4.7 Medium
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections.
CVE-2024-27525 1 Chamilo 1 Chamilo Lms 2024-11-04 4.6 Medium
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component.
CVE-2024-27524 1 Chamilo 1 Chamilo Lms 2024-11-04 7.1 High
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component.
CVE-2024-51328 1 Travel Management System Project 1 Travel Management System 2024-11-04 6.1 Medium
Cross Site Scripting vulnerability in addcategory.php in projectworld's Travel Management System v1.0 allows remote attacker to inject arbitrary code via the t2 parameter.
CVE-2024-31975 2024-11-04 4.8 Medium
EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable field is executed when the user clicks the SSID field's corresponding EDIT button.
CVE-2024-9896 1 Spider-themes 1 Bbp Core 2024-11-04 6.1 Medium
The BBP Core – Expand bbPress powered forums with useful features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2024-9868 1 Bdthemes 1 Element Pack 2024-11-04 5.4 Medium
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate Widget 'url' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-51076 1 Phpgurukul 1 Online Dj Booking Management System 2024-11-04 6.1 Medium
A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/booking-search.php in PHPGurukul Online DJ Booking Management System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter.
CVE-2024-51075 1 Phpgurukul 1 Online Dj Booking Management System 2024-11-04 6.1 Medium
A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/user-search.php in PHPGurukul Online DJ Booking Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata parameter.
CVE-2024-51181 1 Phpgurukul 1 Ifsc Code Finder 2024-11-04 8.8 High
A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/admin/profile.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via " searchifsccode" parameter.
CVE-2024-51180 1 Phpgurukul 1 Ifsc Code Finder 2024-11-04 8.8 High
A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/index.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via the "searchifsccode" parameter.
CVE-2024-10461 2 Mozilla, Redhat 8 Firefox, Thunderbird, Enterprise Linux and 5 more 2024-11-04 6.1 Medium
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
CVE-2024-8739 1 Wedevs 1 Recaptcha Integration 2024-11-04 6.1 Medium
The ReCaptcha Integration for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2024-10310 1 Bdthemes 1 Element Pack 2024-11-04 6.4 Medium
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Gallery Widget 'image_title' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-40743 2024-11-03 6.1 Medium
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.
CVE-2024-37879 2024-11-01 4.8 Medium
Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo".