Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-09-03 CVE-2024-42904 Cross-site Scripting vulnerability in Syspass
A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php.
network
low complexity
syspass CWE-79
6.1
2024-09-03 CVE-2024-43412 Cross-site Scripting vulnerability in Xibosignage Xibo
Xibo is an open source digital signage platform with a web content management system (CMS).
network
low complexity
xibosignage CWE-79
5.4
2024-09-03 CVE-2024-7654 Cross-site Scripting vulnerability in Progress Openedge
An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other types of attack that could spoof or deceive web interface users. Unauthorized use of the OEE/OEM discovery service was remediated by deactivating the discovery service by default.
network
low complexity
progress CWE-79
6.1
2024-09-03 CVE-2024-44920 Cross-site Scripting vulnerability in Seacms 12.9
A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter.
network
low complexity
seacms CWE-79
6.1
2024-09-03 CVE-2024-42061 Cross-site Scripting vulnerability in Zyxel ZLD Firmware 4.30/4.55
A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an attacker to trick a user into visiting a crafted URL with the XSS payload.
network
low complexity
zyxel CWE-79
6.1
2024-09-02 CVE-2024-45621 Cross-site Scripting vulnerability in Rocket.Chat
The Electron desktop application of Rocket.Chat through 6.3.4 allows stored XSS via links in an uploaded file, related to failure to use a separate browser upon encountering third-party external actions from PDF documents.
network
low complexity
rocket-chat CWE-79
5.4
2024-09-02 CVE-2024-28100 Cross-site Scripting vulnerability in Elabftw
eLabFTW is an open source electronic lab notebook for research labs.
network
low complexity
elabftw CWE-79
5.4
2024-09-02 CVE-2024-43792 Cross-site Scripting vulnerability in Halo
Halo is an open source website building tool.
network
low complexity
halo CWE-79
6.1
2024-09-02 CVE-2024-6920 Cross-site Scripting vulnerability in NAC Nacpremium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NAC Telecommunication Systems Inc.
network
low complexity
nac CWE-79
6.1
2024-09-02 CVE-2024-38858 Cross-site Scripting vulnerability in Checkmk
Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view.
network
low complexity
checkmk CWE-79
6.1