1431
|
6.1 |
MEDIUM
Network
|
mohammadarif
|
opor_ayam
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS. This issue affects Opor Ayam: from n/a throug…
|
CWE-79
Cross-site Scripting
|
CVE-2024-44053
|
2024-09-28 00:32 |
2024-09-15 |
|
|
1432
|
4.8 |
MEDIUM
Network
|
acquia
|
mautic
|
With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the HTML field. This could be used to steal sensitive information from the user's current session.
|
CWE-79
Cross-site Scripting
|
CVE-2024-47058
|
2024-09-28 00:31 |
2024-09-19 |
|
|
1433
|
6.1 |
MEDIUM
Network
|
acquia
|
mautic
|
Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
|
CWE-79
Cross-site Scripting
|
CVE-2024-47050
|
2024-09-28 00:29 |
2024-09-19 |
|
|
1434
|
8.8 |
HIGH
Network
|
purestorage
|
purity//fa purity//fb
|
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
|
CWE-77
Command Injection
|
CVE-2024-0005
|
2024-09-28 00:25 |
2024-09-24 |
|
|
1435
|
- |
|
-
|
-
|
The file-serving function in TARGIT Decision Suite before 24.06.19002 (TARGIT Decision Suite 2024 – June) allows authenticated attackers to read or write to server files via a crafted file request. T…
|
-
|
CVE-2024-36427
|
2024-09-28 00:15 |
2024-05-30 |
|
|
1436
|
- |
|
-
|
-
|
In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session.
|
-
|
CVE-2024-36426
|
2024-09-28 00:15 |
2024-05-28 |
|
|
1437
|
7.5 |
HIGH
Network
|
ibm
|
aspera_cargo aspera_connect
|
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmit authentication credentials, but use an insecure method that is susceptible to unauthorized interception and/or retrieval.
|
CWE-523
Unprotected Transport of Credentials
|
CVE-2023-22862
|
2024-09-28 00:15 |
2023-06-5 |
|
|
1438
|
5.4 |
MEDIUM
Network
|
acquia
|
mautic
|
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
|
CWE-79
Cross-site Scripting
|
CVE-2021-27917
|
2024-09-28 00:13 |
2024-09-19 |
|
|
1439
|
4.8 |
MEDIUM
Network
|
info-d-74
|
flipping_cards
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Manu225 Flipping Cards allows Stored XSS. This issue affects Flipping Cards: from n/a throu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45460
|
2024-09-27 23:51 |
2024-09-15 |
|
|
1440
|
6.1 |
MEDIUM
Network
|
pickplugins
|
product_slider_for_woocommerce
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce allows Reflected XSS. This issue affects Product…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45459
|
2024-09-27 23:46 |
2024-09-15 |
|
|