2031
|
6.1 |
MEDIUM
Network
|
scriptonite
|
music_request_manager
|
The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Script…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6018
|
2024-09-14 01:15 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2032
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted payload to the uniquejobs function.
|
-
|
CVE-2023-46951
|
2024-09-14 01:15 |
2024-03-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2033
|
6.1 |
MEDIUM
Network
|
scriptonite
|
music_request_manager
|
The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against ad…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6019
|
2024-09-14 01:13 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2034
|
7.5 |
HIGH
Network
thimpress
|
learnpress
|
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up …
|
CWE-89
SQL Injection
|
CVE-2024-8522
|
2024-09-14 01:12 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2035
|
7.5 |
HIGH
Network
thimpress
|
learnpress
|
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions u…
|
CWE-89
SQL Injection
|
CVE-2024-8529
|
2024-09-14 01:11 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2036
|
4.8 |
MEDIUM
Network
|
pega
|
infinity
|
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.
|
CWE-79
Cross-site Scripting
|
CVE-2024-6700
|
2024-09-14 01:09 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2037
|
4.8 |
MEDIUM
Network
|
pega
|
infinity
|
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.
|
CWE-79
Cross-site Scripting
|
CVE-2024-6701
|
2024-09-14 01:08 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2038
|
4.8 |
MEDIUM
Network
|
pega
|
infinity
|
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.
|
CWE-79
Cross-site Scripting
|
CVE-2024-6702
|
2024-09-14 01:07 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2039
|
4.3 |
MEDIUM
Adjacent
|
kasdanet
|
kw5515_firmware
|
Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script
|
CWE-79
Cross-site Scripting
|
CVE-2020-24061
|
2024-09-14 01:05 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2040
|
6.1 |
MEDIUM
Network
|
yzane
|
markdown_pdf
|
A vulnerability, which was classified as problematic, was found in yzane vscode-markdown-pdf 1.5.0. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to ini…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7739
|
2024-09-14 01:03 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|