|
313251
|
- |
|
-
|
-
|
The Floating Contact Button WordPress plugin before 2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks…
|
-
|
CVE-2024-7891
|
2024-09-13 05:35 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313252
|
6.5 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a…
|
CWE-74
Injection
|
CVE-2024-42903
|
2024-09-13 05:20 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313253
|
5.4 |
MEDIUM
Network
|
xibosignage
|
xibo
|
Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43412
|
2024-09-13 05:20 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313254
|
6.1 |
MEDIUM
Network
|
syspass
|
syspass
|
A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientCon…
|
CWE-79
Cross-site Scripting
|
CVE-2024-42904
|
2024-09-13 05:19 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313255
|
4.8 |
MEDIUM
Network
|
xibosignage
|
xibo
|
Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43413
|
2024-09-13 05:18 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313256
|
5.4 |
MEDIUM
Network
|
cloudcannon
|
pagefinder
|
Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking …
|
CWE-79
Cross-site Scripting
|
CVE-2024-45389
|
2024-09-13 05:17 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313257
|
- |
|
-
|
-
|
Rejected reason: DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2024-45593. Reason: This record is a reservation duplicate of CVE-2024-45593. Notes: All CVE users should reference CVE-2024-45593 instea…
|
-
|
CVE-2024-45845
|
2024-09-13 05:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313258
|
9.8 |
CRITICAL
Network
|
blakeembrey
|
template
|
@blakeembrey/template is a string template library. Prior to version 1.2.0, it is possible to inject and run code within the template if the attacker has access to write the template name. Version 1.…
|
CWE-94
Code Injection
|
CVE-2024-45390
|
2024-09-13 05:15 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313259
|
7.5 |
HIGH
Network
|
tina
|
tina
|
Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search toke…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-45391
|
2024-09-13 05:13 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313260
|
4.2 |
MEDIUM
Physics
|
yubico
|
yubikey_5c_nfc_firmware
yubikey_5_nfc_firmware
yubikey_5c_firmware
yubikey_5_nano_firmware
yubikey_5c_nano_firmware
yubikey_5ci_firmware
yubikey_5_nfc_fips_firmware
yubikey_5c_nf…
|
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive eq…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2024-45678
|
2024-09-13 05:07 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
