Skip to main content
CVE-2024-32733 MEDIUM This Month

Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-4823 MEDIUM This Month

Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index '/schoolerp/office_admin/' in the parameters es_bankacc, es_bank_name, es_bank_pin, es_checkno, es_teller_number, dc1 and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS School Erp Pro Responsive
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-4822 MEDIUM This Month

Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in '/index.php'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Erp Pro Responsive
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-4424 MEDIUM This Month

The access control in CemiPark software does not properly validate user-entered data, which allows the stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-34749 MEDIUM This Month

Phormer prior to version 3.35 contains a cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-34074 MEDIUM PATCH This Month

Frappe is a full-stack web application framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Frappe
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-30268 MEDIUM This Month

Cacti provides an operational monitoring and fault management framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-28866 MEDIUM PATCH This Month

GoCD is a continuous delivery server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Gocd
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-28277 MEDIUM This Month

In Sourcecodester School Task Manager v1.0, a vulnerability was identified within the subject_name= parameter, enabling Stored Cross-Site Scripting (XSS) attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS School Task Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-28276 MEDIUM This Month

Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scripting (XSS) via add-task.php?task_name=. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS School Task Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-25662 MEDIUM This Month

Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 and older are vulnerable to Cross-Site Scripting (XSS) for malicious URLs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-22910 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 and v.10.5.5 allows an attacker to execute arbitrary code via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Crushftp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-22344 MEDIUM This Month

IBM TXSeries for Multiplatforms 8.2 is vulnerable to HTML injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Txseries For Multiplatform
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-31486 MEDIUM This Month

A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.0
EPSS
0.5%
CVE-2024-22270 MEDIUM This Month

VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Workstation Fusion
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2024-22269 MEDIUM This Month

VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Workstation Fusion
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2024-35170 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidden Depth Sticky banner allows Stored XSS.2.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-34430 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rashed Latif TT Custom Post Type Creator allows Stored XSS.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-34429 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Orchestrated Corona Virus (COVID-19) Banner & Live Data allows Stored XSS.8.0.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-34428 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harknell AWSOM News Announcement allows Stored XSS.6.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-34426 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benoti Brozzme Scroll Top allows Stored XSS.8.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-34424 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iePlexus Featured Content Gallery allows Stored XSS.2.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-34423 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpbits Forty Four - 404 Plugin for WordPress allows Stored XSS.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-34422 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in trinhtuantai Viet Affiliate Link allows Stored XSS.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-34419 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nathan Vonnahme Configure Login Timeout allows Stored XSS.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-34425 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Baylog QuickieBar allows Stored XSS.8.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-35169 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in all_bootstrap_blocks All Bootstrap Blocks all-bootstrap-blocks.3.15. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-34418 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tech9logy Creators WPCS ( WordPress Custom Search ) allows Stored XSS.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-34417 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Toidicode.Com (thanhtaivtt) Viet Nam Affiliate allows Stored XSS.0.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-34811 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS.5.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Sms
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-34420 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in talspotim Comments Evolved for WordPress allows Stored XSS.6.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-34437 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS.15.24. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Form Maker
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-4769 MEDIUM This Month

When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird Debian Linux
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-33864 MEDIUM This Month

An issue was discovered in linqi before 1.4.0.1 on Windows. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF Microsoft Linqi
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-34704 MEDIUM This Month

era-compiler-solidity is the ZKsync compiler for Solidity. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-34701 MEDIUM This Month

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-33950 MEDIUM This Month

Administrator Cross Site Scripting (XSS) in Archives Calendar Widget <= 1.0.15 versions. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-32985 MEDIUM This Month

Stellar-core is a reference implementation for the peer-to-peer agent that manages the Stellar network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-30171 MEDIUM PATCH This Month

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.9%
CVE-2024-26306 MEDIUM This Month

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure OpenSSL Iperf3 Bootstrap Os
NVD GitHub
CVSS 3.1
5.9
EPSS
1.1%
CVE-2024-30801 MEDIUM This Month

SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SQLi
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
1.6%
CVE-2024-27106 MEDIUM This Month

Vulnerable data in transit in GE HealthCare EchoPAC products. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-4859 MEDIUM This Month

Solidus <= 4.3.4 is affected by a Stored Cross-Site Scripting vulnerability in the order tracking URL. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.

XSS
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-33876 MEDIUM This Month

HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_deserialize in H5Spoint.c. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Hdf5
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-33875 MEDIUM This Month

HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Hdf5
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-32610 MEDIUM This Month

HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Hdf5
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-32607 MEDIUM This Month

HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c, resulting in the corruption of the instruction pointer. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Hdf5
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-32606 MEDIUM This Month

HDF5 Library through 1.14.3 may attempt to dereference uninitialized values in h5tools_str_sprint in tools/lib/h5tools_str.c (called from h5tools_dump_simple_data in tools/lib/h5tools_dump.c). Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Hdf5
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-29166 MEDIUM This Month

HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow RCE Denial Of Service Hdf5
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-27841 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
Prev Page 12 of 15 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy