|
1691
|
5.4 |
MEDIUM
Network
|
softfirm
|
definitive_addons_for_elementor
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Softfirm Definitive Addons for Elementor allows Stored XSS.This issue affects Definitive A…
|
CWE-79
Cross-site Scripting
|
CVE-2024-51587
|
2024-11-15 05:26 |
2024-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1692
|
5.4 |
MEDIUM
Network
|
bu
|
bu_slideshow
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boston University (IS&T) BU Slideshow allows Stored XSS.This issue affects BU Slideshow: f…
|
CWE-79
Cross-site Scripting
|
CVE-2024-52351
|
2024-11-15 05:24 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1693
|
5.4 |
MEDIUM
Network
|
crm2go
|
crm2go
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CRM 2go allows DOM-Based XSS.This issue affects CRM 2go: from n/a through 1.0.
|
CWE-79
Cross-site Scripting
|
CVE-2024-52350
|
2024-11-15 05:22 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1694
|
8.1 |
HIGH
Network
|
ampache
|
ampache
|
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controlle…
|
CWE-352
Origin Validation Error
|
CVE-2024-51484
|
2024-11-15 05:14 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1695
|
5.4 |
MEDIUM
Network
|
ampache
|
ampache
|
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulner…
|
CWE-352
Origin Validation Error
|
CVE-2024-51488
|
2024-11-15 05:12 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1696
|
8.1 |
HIGH
Network
|
ampache
|
ampache
|
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. …
|
CWE-352
Origin Validation Error
|
CVE-2024-51485
|
2024-11-15 05:06 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1697
|
8.4 |
HIGH
Network
|
ampache
|
ampache
|
Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL?-?Favicon". Th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-51486
|
2024-11-15 04:55 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1698
|
4.3 |
MEDIUM
Network
|
futuriowp
|
futurio_extra
|
The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on wh…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10695
|
2024-11-15 04:44 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1699
|
6.1 |
MEDIUM
Network
|
wpplugin
|
contact_form_7_redirect_\&_thank_you_page
|
The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.0.6 due to insufficie…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10685
|
2024-11-15 04:40 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1700
|
7.5 |
HIGH
Network
onedev_project
|
onedev
|
OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This…
|
CWE-22
Path Traversal
|
CVE-2024-45309
|
2024-11-15 04:39 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
