|
314451
|
4.3 |
MEDIUM
Network
|
imagerecycle
|
imagerecycle_pdf_\&_image_compression
|
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and i…
|
CWE-862
Missing Authorization
|
CVE-2024-6631
|
2024-09-13 05:39 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314452
|
- |
|
-
|
-
|
The Floating Contact Button WordPress plugin before 2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks…
|
-
|
CVE-2024-7891
|
2024-09-13 05:35 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314453
|
6.5 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a…
|
CWE-74
Injection
|
CVE-2024-42903
|
2024-09-13 05:20 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314454
|
5.4 |
MEDIUM
Network
|
xibosignage
|
xibo
|
Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43412
|
2024-09-13 05:20 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314455
|
6.1 |
MEDIUM
Network
|
syspass
|
syspass
|
A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientCon…
|
CWE-79
Cross-site Scripting
|
CVE-2024-42904
|
2024-09-13 05:19 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314456
|
4.8 |
MEDIUM
Network
|
xibosignage
|
xibo
|
Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43413
|
2024-09-13 05:18 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314457
|
5.4 |
MEDIUM
Network
|
cloudcannon
|
pagefinder
|
Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking …
|
CWE-79
Cross-site Scripting
|
CVE-2024-45389
|
2024-09-13 05:17 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314458
|
- |
|
-
|
-
|
Rejected reason: DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2024-45593. Reason: This record is a reservation duplicate of CVE-2024-45593. Notes: All CVE users should reference CVE-2024-45593 instea…
|
-
|
CVE-2024-45845
|
2024-09-13 05:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314459
|
9.8 |
CRITICAL
Network
|
blakeembrey
|
template
|
@blakeembrey/template is a string template library. Prior to version 1.2.0, it is possible to inject and run code within the template if the attacker has access to write the template name. Version 1.…
|
CWE-94
Code Injection
|
CVE-2024-45390
|
2024-09-13 05:15 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314460
|
7.5 |
HIGH
Network
|
tina
|
tina
|
Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search toke…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-45391
|
2024-09-13 05:13 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
