Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

168443 entries
| ID | Description | Priority | Modified date |
| --- | --- | --- | --- |
| CVE-2024-29924 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. Premium Packages allows Reflected XSS. This issue affects Premium Packages: from n/a through 5.8.2. | -- | Mar 27, 2024 |
| CVE-2024-29923 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Reflected XSS. This issue affects PropertyHive: from n/a through 2.0.8. | -- | Mar 27, 2024 |
| CVE-2024-29922 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Quantum Cloud Slider Hero allows Stored XSS. This issue affects Slider Hero: from n/a through 8.6.1. | -- | Mar 27, 2024 |
| CVE-2024-29921 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic Photo Gallery by Supsystic allows Stored XSS. This issue affects Photo Gallery by Supsystic: from n/a through 1.15.16. | -- | Mar 27, 2024 |
| CVE-2024-29920 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moveaddons Move Addons for Elementor allows Stored XSS. This issue affects Move Addons for Elementor: from n/a through 1.2.9. | -- | Mar 27, 2024 |
| CVE-2024-29919 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Reflected XSS. This issue affects Photo Gallery by Ays: from n/a through 5.5.2. | -- | Mar 27, 2024 |
| CVE-2024-29918 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Reflected XSS. This issue affects Survey Maker: from n/a through 4.0.6. | -- | Mar 27, 2024 |
| CVE-2024-29917 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Compact WP Audio Player allows Stored XSS. This issue affects Compact WP Audio Player: from n/a through 1.9.9. | -- | Mar 27, 2024 |
| CVE-2024-29915 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Reflected XSS. This issue affects Podlove Podcast Publisher: from n/a through 4.0.9. | -- | Mar 27, 2024 |
| CVE-2024-29914 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MotoPress Stratum allows Stored XSS. This issue affects Stratum: from n/a through 1.3.15. | -- | Mar 27, 2024 |
| CVE-2024-29913 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS Elementor Addons allows Stored XSS. This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.3. | -- | Mar 27, 2024 |
| CVE-2024-29912 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Baptiste Placé iCalendrier allows Stored XSS. This issue affects iCalendrier: from n/a through 1.80. | -- | Mar 27, 2024 |
| CVE-2024-29911 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS. This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1. | -- | Mar 27, 2024 |
| CVE-2024-29910 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alordiel Dropdown Multisite selector allows Stored XSS. This issue affects Dropdown Multisite selector: from n/a through 0.9.2. | -- | Mar 27, 2024 |
| CVE-2024-29909 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Camille Verrier Travelers' Map allows Stored XSS. This issue affects Travelers' Map: from n/a through 2.2.0. | -- | Mar 27, 2024 |
| CVE-2024-29908 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Stored XSS. This issue affects Co-marquage service-public.Fr: from n/a through 0.5.71. | -- | Mar 27, 2024 |
| CVE-2024-29907 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Active Websight SEO Backlink Monitor allows Reflected XSS. This issue affects SEO Backlink Monitor: from n/a through 1.5.0. | -- | Mar 27, 2024 |
| CVE-2024-29906 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2. | -- | Mar 27, 2024 |
| CVE-2024-29898 | CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c. | -- | Mar 28, 2024 |
| CVE-2024-29897 | CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937. | -- | Mar 28, 2024 |
| CVE-2024-29896 | Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the CSP headers generation feature might be allow-listing malicious injected resources like inlined JS, or references to external malicious scripts. The fix is available in version 1.3.0. | -- | Mar 28, 2024 |
| CVE-2024-29892 | ZITADEL, open source authentication management software, uses Go templates to render the login UI. Under certain circumstances an action could set reserved claims managed by ZITADEL. For example it would be possible to set the claim `urn:zitadel:iam:user:resourceowner:name`. To compensate for this we introduced a protection that does prevent actions from changing claims that start with `urn:zitadel:iam`. This vulnerability is fixed in 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17. | -- | Mar 28, 2024 |
| CVE-2024-29891 | ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim's account in certain scenarios. A possible victim would need to directly open the supposed image in the browser, where a session in ZITADEL needs to be active for this exploit to work. The exploit could only be reproduced if the victim was using Firefox. Chrome, Safari as well as Edge did not execute the code. This vulnerability is fixed in 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17. | -- | Mar 28, 2024 |
| CVE-2024-29888 | Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`. | -- | Mar 28, 2024 |
| CVE-2024-29887 | Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TLS certificates on all non-web HTTP clients in the `serverpod_client` package, making them susceptible to a man-in-the-middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic and hijack the connection to the server for this vulnerability to be used. Upgrading to version `1.2.6` resolves this issue. | -- | Mar 28, 2024 |
| CVE-2024-29886 | Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6. | -- | Mar 28, 2024 |
| CVE-2024-29882 | SRS is a simple, high-efficiency, real-time video server. SRS's `/api/v1/vhosts/vid-<id>?callback=<payload>` endpoint didn't filter the callback function name which led to injecting malicious JavaScript payloads and executing XSS (Cross-Site Scripting). This vulnerability is fixed in 5.0.210 and 6.0.121. | -- | Mar 28, 2024 |
| CVE-2024-29820 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RedNao PDF Builder for WPForms allows Stored XSS. This issue affects PDF Builder for WPForms: from n/a through 1.2.88. | -- | Mar 27, 2024 |
| CVE-2024-29819 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syam Mohan WPFront Notification Bar allows Stored XSS. This issue affects WPFront Notification Bar: from n/a through 3.3.2. | -- | Mar 27, 2024 |
| CVE-2024-29818 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker allows Stored XSS. This issue affects WP Poll Maker: from n/a through 3.1. | -- | Mar 27, 2024 |
| CVE-2024-29817 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit allows Stored XSS. This issue affects affiliate-toolkit: from n/a through 3.4.5. | -- | Mar 27, 2024 |
| CVE-2024-29816 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in htdat Woo Viet allows Stored XSS. This issue affects Woo Viet: from n/a through 1.5.2. | -- | Mar 27, 2024 |
| CVE-2024-29815 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aminur Islam WP Change Email Sender allows Stored XSS. This issue affects WP Change Email Sender: from n/a before 1.3.0. | -- | Mar 27, 2024 |
| CVE-2024-29814 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Exchange Rates Widget allows Stored XSS. This issue affects Exchange Rates Widget: from n/a through 1.4.0. | -- | Mar 27, 2024 |
| CVE-2024-29813 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CartFlows Inc. Funnel Builder by CartFlows allows Stored XSS. This issue affects Funnel Builder by CartFlows: from n/a through 2.0.1. | -- | Mar 27, 2024 |
| CVE-2024-29812 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS. This issue affects ReviewX: from n/a through 1.6.22. | -- | Mar 27, 2024 |
| CVE-2024-29811 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Radio Player allows Stored XSS. This issue affects Radio Player: from n/a through 2.0.73. | -- | Mar 27, 2024 |
| CVE-2024-29807 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive DearFlip allows Stored XSS. This issue affects DearFlip: from n/a through 2.2.26. | -- | Mar 27, 2024 |
| CVE-2024-29806 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reservation Diary ReDi Restaurant Reservation allows Reflected XSS. This issue affects ReDi Restaurant Reservation: from n/a through 24.0128. | -- | Mar 27, 2024 |
| CVE-2024-29805 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShopUp Shipping with Venipak for WooCommerce allows Reflected XSS. This issue affects Shipping with Venipak for WooCommerce: from n/a through 1.19.5. | -- | Mar 27, 2024 |
| CVE-2024-29804 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS. This issue affects Fancy Comments WordPress: from n/a through 1.2.14. | -- | Mar 27, 2024 |
| CVE-2024-29803 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mehanoid.Pro FlatPM allows Stored XSS. This issue affects FlatPM: from n/a before 3.1.05. | -- | Mar 27, 2024 |
| CVE-2024-29802 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.11.3. | -- | Mar 27, 2024 |
| CVE-2024-29801 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Petri Damstén Fullscreen Galleria allows Stored XSS. This issue affects Fullscreen Galleria: from n/a through 1.6.11. | -- | Mar 27, 2024 |
| CVE-2024-29799 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Epsiloncool WP Fast Total Search allows Stored XSS. This issue affects WP Fast Total Search: from n/a through 1.59.211. | -- | Mar 27, 2024 |
| CVE-2024-29798 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Appsmav Gratisfaction allows Stored XSS. This issue affects Gratisfaction: from n/a through 4.3.4. | -- | Mar 27, 2024 |
| CVE-2024-29797 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Darko Grid Shortcodes allows Stored XSS. This issue affects Grid Shortcodes: from n/a through 1.1. | -- | Mar 27, 2024 |
| CVE-2024-29796 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hot Themes Hot Random Image allows Stored XSS. This issue affects Hot Random Image: from n/a through 1.8.1. | -- | Mar 27, 2024 |
| CVE-2024-29795 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Interfacelab Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more allows Stored XSS. This issue affects Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more: from n/a through 4.5.24. | -- | Mar 27, 2024 |
| CVE-2024-29794 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Conversios Conversios.Io allows Reflected XSS. This issue affects Conversios.Io: from n/a through 6.9.1. | -- | Mar 27, 2024 |

The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.