|
681
|
5.5 |
MEDIUM
Local
|
code-projects
|
blood_bank_management_system
|
A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the component Password Handler. The manipulation lea…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-9040
|
2024-09-28 00:53 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
682
|
5.4 |
MEDIUM
Network
|
wpgogo
|
custom_field_template
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field …
|
CWE-79
Cross-site Scripting
|
CVE-2024-44062
|
2024-09-28 00:49 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
683
|
5.4 |
MEDIUM
Network
|
mediaron
|
custom_query_blocks
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MediaRon LLC Custom Query Blocks allows Stored XSS.This issue affects Custom Query Blocks:…
|
CWE-79
Cross-site Scripting
|
CVE-2024-44059
|
2024-09-28 00:33 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
684
|
6.1 |
MEDIUM
Network
|
mohammadarif
|
opor_ayam
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS.This issue affects Opor Ayam: from n/a throug…
|
CWE-79
Cross-site Scripting
|
CVE-2024-44053
|
2024-09-28 00:32 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
685
|
4.8 |
MEDIUM
Network
|
acquia
|
mautic
|
With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session.
|
CWE-79
Cross-site Scripting
|
CVE-2024-47058
|
2024-09-28 00:31 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
686
|
6.1 |
MEDIUM
Network
|
acquia
|
mautic
|
Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
|
CWE-79
Cross-site Scripting
|
CVE-2024-47050
|
2024-09-28 00:29 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
687
|
8.8 |
HIGH
Network
|
purestorage
|
purity\/\/fa
purity\/\/fb
|
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
|
CWE-77
Command Injection
|
CVE-2024-0005
|
2024-09-28 00:25 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
688
|
- |
|
-
|
-
|
The file-serving function in TARGIT Decision Suite before 24.06.19002 (TARGIT Decision Suite 2024 – June) allows authenticated attackers to read or write to server files via a crafted file request. T…
|
-
|
CVE-2024-36427
|
2024-09-28 00:15 |
2024-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
689
|
- |
|
-
|
-
|
In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session.
|
-
|
CVE-2024-36426
|
2024-09-28 00:15 |
2024-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
690
|
7.5 |
HIGH
Network
ibm
|
aspera_cargo
aspera_connect
|
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
|
CWE-523
Unprotected Transport of Credentials
|
CVE-2023-22862
|
2024-09-28 00:15 |
2023-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
