|
304111
|
5.4 |
MEDIUM
Network
|
royal-elementor-addons
|
royal_elementor_addons
|
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to insufficien…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9059
|
2024-11-20 00:53 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304112
|
6.1 |
MEDIUM
Network
|
advancedformintegration
|
advanced_form_integration
|
The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the UR…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10877
|
2024-11-20 00:52 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304113
|
7.2 |
HIGH
Network
|
mayurik
|
best_employee_management_system
|
A vulnerability, which was classified as critical, was found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /admin/edit_role.php. The manipulation of …
|
CWE-89
SQL Injection
|
CVE-2024-11213
|
2024-11-20 00:48 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304114
|
8.8 |
HIGH
Network
|
mayurik
|
best_employee_management_system
|
A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/fetch_…
|
CWE-89
SQL Injection
|
CVE-2024-11212
|
2024-11-20 00:48 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304115
|
5.4 |
MEDIUM
Network
|
royal-elementor-addons
|
royal_elementor_addons
|
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9682
|
2024-11-20 00:47 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304116
|
4.8 |
MEDIUM
Network
|
phpgurukul
|
user_registration_\&_login_and_user_management_system
|
A Reflected Cross-Site Scripting (XSS) vulnerability was found in the /search-result.php page of the PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows rem…
|
CWE-79
Cross-site Scripting
|
CVE-2024-48284
|
2024-11-20 00:45 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304117
|
4.3 |
MEDIUM
Network
|
janeczku
|
calibre-web
|
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `…
|
CWE-862
Missing Authorization
|
CVE-2021-3987
|
2024-11-20 00:44 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304118
|
6.1 |
MEDIUM
Network
|
janeczku
|
calibre-web
|
A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover o…
|
CWE-79
Cross-site Scripting
|
CVE-2021-3988
|
2024-11-20 00:43 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304119
|
4.3 |
MEDIUM
Network
|
viwis
|
learning_management_system
|
A vulnerability was found in VIWIS LMS 9.11. It has been classified as critical. Affected is an unknown function of the component Print Handler. The manipulation leads to missing authorization. It is…
|
CWE-862
CWE-863
Missing Authorization
Incorrect Authorization
|
CVE-2024-8001
|
2024-11-20 00:41 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304120
|
7.4 |
HIGH
Network
|
linuxfoundation
|
harbor
|
Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution …
|
CWE-863
Incorrect Authorization
|
CVE-2022-31671
|
2024-11-20 00:40 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
