Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (44176 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-40740 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/{id}/edit/.
CVE-2024-40739 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add.
CVE-2024-40738 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/{id}/edit/.
CVE-2024-40736 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/add.
CVE-2024-40735 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/{id}/edit/.
CVE-2024-40734 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/add/.
CVE-2024-40733 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/{id}/edit/.
CVE-2024-40732 1 Netbox 1 Netbox 2024-11-21 7.1 High
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/add/.
CVE-2024-40731 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/{id}/edit/.
CVE-2024-40730 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/{id}/edit/.
CVE-2024-40729 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/add/.
CVE-2024-40728 1 Netbox 1 Netbox 2024-11-21 7.1 High
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/{id}/edit/.
CVE-2024-40727 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/add/.
CVE-2024-40726 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/{id}/edit/.
CVE-2024-40690 1 Ibm 1 Infosphere Information Server 2024-11-21 5.4 Medium
IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 297720.
CVE-2024-40618 1 Naver 1 Whale Browser 2024-11-21 9.6 Critical
Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension.
CVE-2024-40600 1 Mediawiki 2 Mediawiki, Metrolook Skin 2024-11-21 6.1 Medium
An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
CVE-2024-3999 1 Spider-themes 1 Eazydocs 2024-11-21 4.8 Medium
The EazyDocs WordPress plugin before 2.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-3987 1 Freshlightlab 1 Wp Mobile Menu 2024-11-21 5.4 Medium
The WP Mobile Menu – The Mobile-Friendly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-3978 1 Andrewabarber 1 Wordpress Jitsi Shortcode 2024-11-21 5.4 Medium
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks