Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-09-03 | CVE-2024-7654 | Cross-site Scripting vulnerability in Progress Openedge | An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other types of attack that could spoof or deceive web interface users. Unauthorized use of the OEE/OEM discovery service was remediated by deactivating the discovery service by default. | 6.1 |
2024-09-03 | CVE-2024-44920 | Cross-site Scripting vulnerability in Seacms 12.9 | A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter. | 6.1 |
2024-09-03 | CVE-2024-42061 | Cross-site Scripting vulnerability in Zyxel ZLD | A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. | 6.1 |
2024-09-02 | CVE-2024-45621 | Cross-site Scripting vulnerability in Rocket.Chat | The Electron desktop application of Rocket.Chat through 6.3.4 allows stored XSS via links in an uploaded file, related to failure to use a separate browser upon encountering third-party external actions from PDF documents. | 5.4 |
2024-09-02 | CVE-2024-28100 | Cross-site Scripting vulnerability in Elabftw | eLabFTW is an open source electronic lab notebook for research labs. | 5.4 |
2024-09-02 | CVE-2024-43792 | Cross-site Scripting vulnerability in Halo | Halo is an open source website building tool. | 6.1 |
2024-09-02 | CVE-2024-6920 | Cross-site Scripting vulnerability in NAC Nacpremium | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NAC Telecommunication Systems Inc. | 6.1 |
2024-09-02 | CVE-2024-38858 | Cross-site Scripting vulnerability in Checkmk | Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view. | 6.1 |
2024-09-02 | CVE-2024-7932 | Cross-site Scripting vulnerability in 3DS 3Dexperience R2024X | A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | 5.4 |
2024-09-02 | CVE-2024-7938 | Cross-site Scripting vulnerability in 3DS 3Dexperience R2023X/R2024X | A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | 5.4 |