281
|
4.8 |
MEDIUM
Network
|
info-d-74
|
flipping_cards
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Manu225 Flipping Cards allows Stored XSS.This issue affects Flipping Cards: from n/a throu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45460
|
2024-09-27 23:51 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
282
|
6.1 |
MEDIUM
Network
|
pickplugins
|
product_slider_for_woocommerce
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce allows Reflected XSS.This issue affects Product…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45459
|
2024-09-27 23:46 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
283
|
- |
|
-
|
-
|
WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality.
|
-
|
CVE-2024-37779
|
2024-09-27 23:35 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
284
|
5.4 |
MEDIUM
Network
|
happyforms
|
happyforms
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS.This issue affects Happyforms: from n/a through 1.26.0.
|
CWE-79
Cross-site Scripting
|
CVE-2024-44063
|
2024-09-27 23:31 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
285
|
4.8 |
MEDIUM
Network
|
expresstech
|
quiz_and_survey_master
|
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Sc…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8758
|
2024-09-27 23:29 |
2024-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
286
|
7.2 |
HIGH
Network
|
purestorage
|
purity\/\/fa
|
A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.
|
CWE-94
Code Injection
|
CVE-2024-0004
|
2024-09-27 23:24 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
287
|
7.2 |
HIGH
Network
|
purestorage
|
purity\/\/fa
|
A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.
|
NVD-CWE-noinfo
|
CVE-2024-0003
|
2024-09-27 23:23 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
288
|
- |
|
-
|
-
|
A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF Converter. The manipulation leads to cross site …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9283
|
2024-09-27 23:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
289
|
- |
|
-
|
-
|
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style paramete…
|
CWE-22
Path Traversal
|
CVE-2024-7149
|
2024-09-27 23:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
290
|
- |
|
-
|
-
|
Ampache is a web based audio/video streaming application and file manager. Prior to version 6.6.0, the Democratic Playlist Name is vulnerable to a stored cross-site scripting. Version 6.6.0 fixes thi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-47184
|
2024-09-27 23:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|