2101
|
6.1 |
MEDIUM
Network
|
scriptonite
|
music_request_manager
|
The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin ad…
|
CWE-352
Origin Validation Error
|
CVE-2024-6017
|
2024-09-14 01:17 |
2024-09-12 |
|
|
2102
|
6.1 |
MEDIUM
Network
|
scriptonite
|
music_request_manager
|
The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Script…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6018
|
2024-09-14 01:15 |
2024-09-12 |
|
|
2103
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted payload to the uniquejobs function.
|
-
|
CVE-2023-46951
|
2024-09-14 01:15 |
2024-03-1 |
|
|
2104
|
6.1 |
MEDIUM
Network
|
scriptonite
|
music_request_manager
|
The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against ad…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6019
|
2024-09-14 01:13 |
2024-09-12 |
|
|
2105
|
7.5 |
HIGH
Network
thimpress
|
learnpress
|
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up …
|
CWE-89
SQL Injection
|
CVE-2024-8522
|
2024-09-14 01:12 |
2024-09-12 |
|
|
|
2106
|
7.5 |
HIGH
Network
thimpress
|
learnpress
|
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions u…
|
CWE-89
SQL Injection
|
CVE-2024-8529
|
2024-09-14 01:11 |
2024-09-12 |
|
|
|
2107
|
4.8 |
MEDIUM
Network
|
pega
|
infinity
|
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.
|
CWE-79
Cross-site Scripting
|
CVE-2024-6700
|
2024-09-14 01:09 |
2024-09-13 |
|
|
2108
|
4.8 |
MEDIUM
Network
|
pega
|
infinity
|
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.
|
CWE-79
Cross-site Scripting
|
CVE-2024-6701
|
2024-09-14 01:08 |
2024-09-13 |
|
|
2109
|
4.8 |
MEDIUM
Network
|
pega
|
infinity
|
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.
|
CWE-79
Cross-site Scripting
|
CVE-2024-6702
|
2024-09-14 01:07 |
2024-09-13 |
|
|
2110
|
4.3 |
MEDIUM
Adjacent
|
kasdanet
|
kw5515_firmware
|
Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script
|
CWE-79
Cross-site Scripting
|
CVE-2020-24061
|
2024-09-14 01:05 |
2024-09-13 |
|
|