Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-08-07 CVE-2024-41239 Cross-site Scripting vulnerability in Lopalopa Responsive School Management System 3.2.0
A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/add_class_submit.php" in Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "class_name" parameter field.
network
low complexity
lopalopa CWE-79
4.8
4.8
2024-08-07 CVE-2024-41240 Cross-site Scripting vulnerability in Lopalopa Responsive School Management System 3.2.0
A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter.
network
low complexity
lopalopa CWE-79
6.1
6.1
2024-08-07 CVE-2024-41241 Cross-site Scripting vulnerability in Lopalopa Responsive School Management System 3.2.0
A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/admin_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter.
network
low complexity
lopalopa CWE-79
6.1
6.1
2024-08-07 CVE-2024-41242 Cross-site Scripting vulnerability in Lopalopa Responsive School Management System 3.2.0
A Reflected Cross Site Scripting (XSS) vulnerability was found in /smsa/student_login.php in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter.
network
low complexity
lopalopa CWE-79
6.1
6.1
2024-08-07 CVE-2024-20443 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system.
network
low complexity
cisco CWE-79
5.4
5.4
2024-08-07 CVE-2024-20479 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system.
network
low complexity
cisco CWE-79
4.8
4.8
2024-08-06 CVE-2024-38166 Cross-site Scripting vulnerability in Microsoft Dynamics CRM Service Portal web Resource
An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link.
network
low complexity
microsoft CWE-79
6.1
6.1
2024-08-06 CVE-2024-28740 Cross-site Scripting vulnerability in Koha
Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component.
network
low complexity
koha CWE-79
critical
 9.6
9.6
2024-08-06 CVE-2024-41677 Cross-site Scripting vulnerability in Qwik
Qwik is a performance focused javascript framework.
network
low complexity
qwik CWE-79
6.1
6.1
2024-08-06 CVE-2024-41333 Cross-site Scripting vulnerability in PHPgurukul Tourism Management System 2.0
A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the uname parameter.
network
low complexity
phpgurukul CWE-79
6.1
6.1