1051
|
- |
|
-
|
-
|
The file-serving function in TARGIT Decision Suite before 24.06.19002 (TARGIT Decision Suite 2024 – June) allows authenticated attackers to read or write to server files via a crafted file request. T…
|
-
|
CVE-2024-36427
|
2024-09-28 00:15 |
2024-05-30 |
|
|
1052
|
- |
|
-
|
-
|
In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session.
|
-
|
CVE-2024-36426
|
2024-09-28 00:15 |
2024-05-28 |
|
|
1053
|
7.5 |
HIGH
Network
ibm
|
aspera_cargo aspera_connect
|
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmit authentication credentials using an insecure method that is susceptible to unauthorized interception and/or retrieval.
|
CWE-523
Unprotected Transport of Credentials
|
CVE-2023-22862
|
2024-09-28 00:15 |
2023-06-5 |
|
|
|
1054
|
5.4 |
MEDIUM
Network
|
acquia
|
mautic
|
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
|
CWE-79
Cross-site Scripting
|
CVE-2021-27917
|
2024-09-28 00:13 |
2024-09-19 |
|
|
1055
|
4.8 |
MEDIUM
Network
|
info-d-74
|
flipping_cards
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Manu225 Flipping Cards allows Stored XSS. This issue affects Flipping Cards: from n/a throu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45460
|
2024-09-27 23:51 |
2024-09-15 |
|
|
1056
|
6.1 |
MEDIUM
Network
|
pickplugins
|
product_slider_for_woocommerce
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce allows Reflected XSS. This issue affects Product…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45459
|
2024-09-27 23:46 |
2024-09-15 |
|
|
1057
|
- |
|
-
|
-
|
WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality.
|
-
|
CVE-2024-37779
|
2024-09-27 23:35 |
2024-09-24 |
|
|
1058
|
5.4 |
MEDIUM
Network
|
happyforms
|
happyforms
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS. This issue affects Happyforms: from n/a through 1.26.0.
|
CWE-79
Cross-site Scripting
|
CVE-2024-44063
|
2024-09-27 23:31 |
2024-09-15 |
|
|
1059
|
4.8 |
MEDIUM
Network
|
expresstech
|
quiz_and_survey_master
|
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Sc…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8758
|
2024-09-27 23:29 |
2024-09-23 |
|
|
1060
|
7.2 |
HIGH
Network
|
purestorage
|
purity//fa
|
A condition exists in FlashArray Purity whereby a user with the array admin role can execute arbitrary commands remotely to escalate privilege on the array.
|
CWE-94
Code Injection
|
CVE-2024-0004
|
2024-09-27 23:24 |
2024-09-24 |
|
|