2311
|
6.1 |
MEDIUM
Network
|
smseagle
|
smseagle
|
A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version < 6.0. The vulnerability arises because the application did not properly sanitize user input in the …
|
CWE-79
Cross-site Scripting
|
CVE-2024-37392
|
2024-09-13 05:41 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2312
|
4.3 |
MEDIUM
Network
|
imagerecycle
|
imagerecycle_pdf_\&_image_compression
|
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and i…
|
CWE-862
Missing Authorization
|
CVE-2024-6631
|
2024-09-13 05:39 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2313
|
- |
|
-
|
-
|
The Floating Contact Button WordPress plugin before 2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks…
|
-
|
CVE-2024-7891
|
2024-09-13 05:35 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2314
|
7.5 |
HIGH
Network
free5gc
|
free5gc
|
An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP message.
|
NVD-CWE-noinfo
|
CVE-2023-49391
|
2024-09-13 05:35 |
2023-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2315
|
5.4 |
MEDIUM
Network
|
opensolution
|
quick_cms
|
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Me…
|
CWE-79
Cross-site Scripting
|
CVE-2023-43344
|
2024-09-13 05:35 |
2023-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2316
|
5.4 |
MEDIUM
Network
|
opensolution
|
quick_cms
|
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component.
|
CWE-79
Cross-site Scripting
|
CVE-2023-43342
|
2024-09-13 05:35 |
2023-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2317
|
5.4 |
MEDIUM
Network
|
opensolution
|
quick_cms
|
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu …
|
CWE-79
Cross-site Scripting
|
CVE-2023-43343
|
2024-09-13 05:35 |
2023-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2318
|
6.1 |
MEDIUM
Network
|
visioglobe
|
visioweb
|
Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2022-3901
|
2024-09-13 05:22 |
2023-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2319
|
6.5 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a…
|
CWE-74
Injection
|
CVE-2024-42903
|
2024-09-13 05:20 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2320
|
5.4 |
MEDIUM
Network
|
xibosignage
|
xibo
|
Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43412
|
2024-09-13 05:20 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|