Total
26559 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-3378 | | | 2024-04-14 | 5.0 MEDIUM | 4.3 MEDIUM |
A vulnerability has been found in iboss Secure Web Gateway up to 10.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login of the component Login Portal. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.2.0.160 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-259501 was assigned to this vulnerability. | |||||
CVE-2024-2279 | | | 2024-04-12 | N/A | 8.7 HIGH |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature a crafted payload may lead to a stored XSS, allowing attackers to perform arbitrary actions on behalf of victims. | |||||
CVE-2023-50307 | | | 2024-04-12 | N/A | 5.4 MEDIUM |
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273338. | |||||
CVE-2023-45186 | | | 2024-04-12 | N/A | 4.8 MEDIUM |
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 268691. | |||||
CVE-2024-3092 | | | 2024-04-12 | N/A | 8.7 HIGH |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims. | |||||
CVE-2024-22357 | | | 2024-04-12 | N/A | 5.4 MEDIUM |
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280894. | |||||
CVE-2024-21419 | | | 2024-04-11 | N/A | 7.6 HIGH |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
CVE-2024-21396 | 1 Microsoft | 1 Dynamics 365 | 2024-04-11 | N/A | 7.6 HIGH |
Dynamics 365 Sales Spoofing Vulnerability | |||||
CVE-2024-21395 | 1 Microsoft | 1 Dynamics 365 | 2024-04-11 | N/A | 8.2 HIGH |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
CVE-2024-21394 | 1 Microsoft | 1 Dynamics 365 | 2024-04-11 | N/A | 7.6 HIGH |
Dynamics 365 Field Service Spoofing Vulnerability | |||||
CVE-2024-21393 | 1 Microsoft | 1 Dynamics 365 | 2024-04-11 | N/A | 7.6 HIGH |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
CVE-2024-21389 | 1 Microsoft | 1 Dynamics 365 | 2024-04-11 | N/A | 7.6 HIGH |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
CVE-2024-21328 | 1 Microsoft | 1 Dynamics 365 | 2024-04-11 | N/A | 7.6 HIGH |
Dynamics 365 Sales Spoofing Vulnerability | |||||
CVE-2024-21327 | 1 Microsoft | 1 Dynamics 365 | 2024-04-11 | N/A | 7.6 HIGH |
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | |||||
CVE-2024-20679 | 1 Microsoft | 1 Azure Stack Hub | 2024-04-11 | N/A | 6.5 MEDIUM |
Azure Stack Hub Spoofing Vulnerability | |||||
CVE-2024-25297 | 1 Bludit | 1 Bludit | 2024-04-11 | N/A | 4.8 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php. | |||||
CVE-2024-31937 | | | 2024-04-11 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visitor Analytics TWIPLA (Visitor Analytics IO) allows Stored XSS. This issue affects TWIPLA (Visitor Analytics IO): from n/a through 1.2.0. | |||||
CVE-2024-31361 | | | 2024-04-11 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bunny.Net allows Stored XSS. This issue affects bunny.Net: from n/a through 2.0.1. | |||||
CVE-2024-31925 | | | 2024-04-11 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FAKTOR VIER F4 Improvements allows Stored XSS. This issue affects F4 Improvements: from n/a through 1.8.0. | |||||
CVE-2024-31928 | | | 2024-04-11 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Darko Top Bar allows Stored XSS. This issue affects Top Bar: from n/a through 3.0.5. |