1151
|
6.1 |
MEDIUM
Network
|
rws
|
multitrans
|
An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent …
|
CWE-79
Cross-site Scripting
|
CVE-2024-43025
|
2024-10-1 02:51 |
2024-09-19 |
|
|
1152
|
5.3 |
MEDIUM
Network
coffee2code
|
remember_me_controls
|
The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin allowing direct access to the bootstrap.php …
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-7415
|
2024-10-1 02:46 |
2024-09-6 |
|
|
|
1153
|
8.2 |
HIGH
Network
|
scriptcase
|
scriptcase
|
Vulnerability in Scriptcase version 9.4.019 that consists of a Cross-Site Scripting (XSS), due to the lack of input validation, affecting the “id_form_msg_title” parameter, among others. This vulnera…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8942
|
2024-10-1 02:39 |
2024-09-25 |
|
|
1154
|
6.1 |
MEDIUM
Network
|
rollupjs
|
rollup
|
Rollup is a module bundler for JavaScript. Versions prior to 3.29.5 and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `impor…
|
CWE-79
Cross-site Scripting
|
CVE-2024-47068
|
2024-10-1 02:39 |
2024-09-24 |
|
|
1155
|
7.5 |
HIGH
Network
linuxptp_project
|
linuxptp
|
An issue in IEEE 802.1AS linuxptp v.4.2 and before allows a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function.
|
NVD-CWE-noinfo
|
CVE-2024-42861
|
2024-10-1 02:35 |
2024-09-24 |
|
|
|
1156
|
6.1 |
MEDIUM
Network
|
flowiseai
|
embed flowise
|
Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0.
|
CWE-79
Cross-site Scripting
|
CVE-2024-9148
|
2024-10-1 02:34 |
2024-09-25 |
|
|
1157
|
7.5 |
HIGH
Network
thecosy
|
icecms
|
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/C…
|
NVD-CWE-noinfo
|
CVE-2024-46610
|
2024-10-1 01:30 |
2024-09-25 |
|
|
|
1158
|
- |
|
-
|
-
|
System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admi…
|
-
|
CVE-2024-3165
|
2024-10-1 01:15 |
2024-04-2 |
|
|
1159
|
- |
|
-
|
-
|
In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, are accessible to anyone with that portlet and not just to CMS Admi…
|
-
|
CVE-2024-3164
|
2024-10-1 01:15 |
2024-04-2 |
|
|
1160
|
6.1 |
MEDIUM
Network
|
dotcms
|
dotcms
|
In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is h…
|
CWE-79
Cross-site Scripting
|
CVE-2023-3042
|
2024-10-1 01:15 |
2023-10-18 |
|
|