|
308971
|
- |
|
-
|
-
|
Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests.
If a request has no Authorization header, it is created with an empty string as value by a rewri…
|
-
|
CVE-2023-7273
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308972
|
- |
|
-
|
-
|
An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information …
|
CWE-23
Relative Path Traversal
|
CVE-2024-9405
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308973
|
- |
|
-
|
-
|
The QS Dark Mode Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.9 due to insufficient input sanitization and out…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9118
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308974
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The AVIF & SVG Uploader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.1.0 due to insufficient input sanitization and output escaping. This makes …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9060
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308975
|
- |
|
-
|
-
|
An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protec…
|
-
|
CVE-2023-3441
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308976
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions …
|
CWE-862
Missing Authorization
|
CVE-2024-8430
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308977
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘get_slider’ function in all versions up to, and including, 3.8.6 due to insufficient input sanitization and ou…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8324
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308978
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Elastik Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.4 due to insufficient input sanitization and…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9274
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308979
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The R Animated Icon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9272
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308980
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Relogo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.2 due to insufficient input sanitization and output escapin…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9269
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
