|
309311
|
5.4 |
MEDIUM
Network
|
tychesoftwares
|
arconix_shortcodes
|
The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input saniti…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10226
|
2024-11-1 01:48 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309312
|
8.8 |
HIGH
Network
|
ovaledge
|
ovaledge
|
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required.
|
NVD-CWE-noinfo
|
CVE-2022-30357
|
2024-11-1 01:43 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309313
|
8.8 |
HIGH
Network
|
ovaledge
|
ovaledge
|
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required.
|
CWE-863
Incorrect Authorization
|
CVE-2022-30358
|
2024-11-1 01:41 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309314
|
5.4 |
MEDIUM
Network
|
fastlinemedia
|
beaver_builder
|
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to insuf…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9505
|
2024-11-1 01:39 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309315
|
6.4 |
MEDIUM
Network
|
ovaledge
|
ovaledge
|
OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS (AKA Persistent or Type II) vulnerabilities via a POST request to /profile/updateProfile via the slackid or phone parameters. Authentic…
|
CWE-79
Cross-site Scripting
|
CVE-2022-30360
|
2024-11-1 01:38 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309316
|
4.3 |
MEDIUM
Network
|
ovaledge
|
ovaledge
|
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with th…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2022-30359
|
2024-11-1 01:37 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309317
|
5.3 |
MEDIUM
Network
|
ovaledge
|
ovaledge
|
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. No authentication is required. The information disclosed is associated with…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2022-30361
|
2024-11-1 01:34 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309318
|
4.7 |
MEDIUM
Network
|
ovaledge
|
ovaledge
|
OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . Authentication is required with OE_ADM…
|
CWE-863
Incorrect Authorization
|
CVE-2022-30356
|
2024-11-1 01:31 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309319
|
4.3 |
MEDIUM
Network
|
gaizhenbiao
|
chuanhuchatgpt
|
In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a…
|
NVD-CWE-noinfo
|
CVE-2024-8143
|
2024-11-1 01:23 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309320
|
7.2 |
HIGH
Network
|
funadmin
|
funadmin
|
funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php.
|
CWE-89
SQL Injection
|
CVE-2024-48230
|
2024-11-1 00:57 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
