841
|
5.4 |
MEDIUM
Network
|
wpgogo
|
custom_field_template
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field …
|
CWE-79
Cross-site Scripting
|
CVE-2024-44062
|
2024-09-28 00:49 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
842
|
5.4 |
MEDIUM
Network
|
mediaron
|
custom_query_blocks
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MediaRon LLC Custom Query Blocks allows Stored XSS.This issue affects Custom Query Blocks:…
|
CWE-79
Cross-site Scripting
|
CVE-2024-44059
|
2024-09-28 00:33 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
843
|
6.1 |
MEDIUM
Network
|
mohammadarif
|
opor_ayam
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS.This issue affects Opor Ayam: from n/a throug…
|
CWE-79
Cross-site Scripting
|
CVE-2024-44053
|
2024-09-28 00:32 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
844
|
4.8 |
MEDIUM
Network
|
acquia
|
mautic
|
With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session.
|
CWE-79
Cross-site Scripting
|
CVE-2024-47058
|
2024-09-28 00:31 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
845
|
6.1 |
MEDIUM
Network
|
acquia
|
mautic
|
Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
|
CWE-79
Cross-site Scripting
|
CVE-2024-47050
|
2024-09-28 00:29 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
846
|
8.8 |
HIGH
Network
|
purestorage
|
purity\/\/fa purity\/\/fb
|
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
|
CWE-77
Command Injection
|
CVE-2024-0005
|
2024-09-28 00:25 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
847
|
- |
|
-
|
-
|
The file-serving function in TARGIT Decision Suite before 24.06.19002 (TARGIT Decision Suite 2024 – June) allows authenticated attackers to read or write to server files via a crafted file request. T…
|
-
|
CVE-2024-36427
|
2024-09-28 00:15 |
2024-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
848
|
- |
|
-
|
-
|
In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session.
|
-
|
CVE-2024-36426
|
2024-09-28 00:15 |
2024-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
849
|
7.5 |
HIGH
Network
ibm
|
aspera_cargo aspera_connect
|
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
|
CWE-523
Unprotected Transport of Credentials
|
CVE-2023-22862
|
2024-09-28 00:15 |
2023-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
850
|
5.4 |
MEDIUM
Network
|
acquia
|
mautic
|
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
|
CWE-79
Cross-site Scripting
|
CVE-2021-27917
|
2024-09-28 00:13 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|