661
|
4.8 |
MEDIUM
Network
|
mage-people
|
ecab_taxi_booking_manager
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Stored XSS. This issue affects …
|
CWE-79
Cross-site Scripting
|
CVE-2024-43986
|
2024-10-4 22:22 |
2024-08-29 |
|
662
|
8.0 |
HIGH
Adjacent
|
apache
|
lucene
|
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.
This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0.
The deprecated org.apache.lucene.replicat…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-45772
|
2024-10-4 22:20 |
2024-09-30 |
|
663
|
4.8 |
MEDIUM
Network
|
delower
|
wp_to_do
|
The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This…
|
CWE-79
Cross-site Scripting
|
CVE-2024-3944
|
2024-10-4 22:19 |
2024-08-29 |
|
664
|
5.3 |
MEDIUM
Network
|
funnelforms
|
funnelforms_free
|
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check o…
|
CWE-862
Missing Authorization
|
CVE-2024-5857
|
2024-10-4 21:59 |
2024-08-29 |
|
665
|
4.3 |
MEDIUM
Network
|
volkov
|
wp_accessibility_helper
|
The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_contrast_variations' and 'save_empty_contrast_…
|
CWE-862
Missing Authorization
|
CVE-2024-5987
|
2024-10-4 21:56 |
2024-08-29 |
|
666
|
8.8 |
HIGH
Network
|
mmrs151
|
daily_prayer_time
|
Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.03.08 versions.
|
CWE-352
Origin Validation Error
|
CVE-2023-27632
|
2024-10-4 21:53 |
2023-11-13 |
|
667
|
5.4 |
MEDIUM
Network
|
mmrs151
|
daily_prayer_time
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.05.04 versions.
|
CWE-79
Cross-site Scripting
|
CVE-2023-27631
|
2024-10-4 21:53 |
2023-06-22 |
|
668
|
5.4 |
MEDIUM
Network
|
mmrs151
|
daily_prayer_time
|
The Daily Prayer Time WordPress plugin before 2021.08.10 does not sanitise or escape some of its settings before outputting them in the page, leading to Authenticated Stored Cross-Site Scripting issu…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24523
|
2024-10-4 21:53 |
2021-09-14 |
|
669
|
7.1 |
HIGH
Network
|
redhat
|
keycloak single_sign-on build_of_keycloak
|
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin opti…
|
CWE-384
Session Fixation
|
CVE-2024-7341
|
2024-10-4 21:48 |
2024-09-10 |
|
670
|
4.2 |
MEDIUM
Network
|
redhat
|
quay
|
A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the…
|
NVD-CWE-Other
|
CVE-2024-5891
|
2024-10-4 21:32 |
2024-06-12 |
|