CVE-2024-43408

MEDIUM Year: 2024
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7.

Related Vulnerabilities

CVE-2018-15641

MEDIUM
CVSS:6.3(Medium)

Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 through 14.0 and Odoo Enterprise 11.0 through 14.0, allows remote authenticated internal users to inject arbitrary web script in t...

CWE-792018

CVE-2018-21155

MEDIUM
CVSS:6.3(Medium)

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.52, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0....

CWE-792018

CVE-2018-6495

MEDIUM
CVSS:6.3(Medium)

Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser...

CWE-792018

CVE-2020-13965

MEDIUM
CVSS:6.3(Medium)

An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.

CWE-792020

CVE-2020-36085

MEDIUM
CVSS:6.3(Medium)

Stored Cross Site Scripting(XSS) vulnerability in Egavilan Media Resumes Management and Job Application Website 1.0 allows remote attackers to inject arbitrary code via First and Last Name in Apply Fo...

CWE-792020

CVE-2020-7747

MEDIUM
CVSS:6.3(Medium)

This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller.

CWE-792020