871
|
6.1 |
MEDIUM
Network
|
acquia
|
mautic
|
Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
|
CWE-79
Cross-site Scripting
|
CVE-2024-47050
|
2024-09-28 00:29 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
872
|
8.8 |
HIGH
Network
|
purestorage
|
purity\/\/fa purity\/\/fb
|
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
|
CWE-77
Command Injection
|
CVE-2024-0005
|
2024-09-28 00:25 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
873
|
- |
|
-
|
-
|
The file-serving function in TARGIT Decision Suite before 24.06.19002 (TARGIT Decision Suite 2024 – June) allows authenticated attackers to read or write to server files via a crafted file request. T…
|
-
|
CVE-2024-36427
|
2024-09-28 00:15 |
2024-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
874
|
- |
|
-
|
-
|
In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session.
|
-
|
CVE-2024-36426
|
2024-09-28 00:15 |
2024-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
875
|
7.5 |
HIGH
Network
ibm
|
aspera_cargo aspera_connect
|
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
|
CWE-523
Unprotected Transport of Credentials
|
CVE-2023-22862
|
2024-09-28 00:15 |
2023-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
876
|
5.4 |
MEDIUM
Network
|
acquia
|
mautic
|
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
|
CWE-79
Cross-site Scripting
|
CVE-2021-27917
|
2024-09-28 00:13 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
877
|
4.8 |
MEDIUM
Network
|
info-d-74
|
flipping_cards
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Manu225 Flipping Cards allows Stored XSS.This issue affects Flipping Cards: from n/a throu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45460
|
2024-09-27 23:51 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
878
|
6.1 |
MEDIUM
Network
|
pickplugins
|
product_slider_for_woocommerce
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce allows Reflected XSS.This issue affects Product…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45459
|
2024-09-27 23:46 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
879
|
- |
|
-
|
-
|
WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality.
|
-
|
CVE-2024-37779
|
2024-09-27 23:35 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
880
|
5.4 |
MEDIUM
Network
|
happyforms
|
happyforms
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS.This issue affects Happyforms: from n/a through 1.26.0.
|
CWE-79
Cross-site Scripting
|
CVE-2024-44063
|
2024-09-27 23:31 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|