|
316481
|
6.1 |
MEDIUM
Network
|
scriptonite
|
music_request_manager
|
The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin ad…
|
CWE-352
Origin Validation Error
|
CVE-2024-6017
|
2024-09-14 01:17 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316482
|
6.1 |
MEDIUM
Network
|
scriptonite
|
music_request_manager
|
The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Script…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6018
|
2024-09-14 01:15 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316483
|
6.1 |
MEDIUM
Network
|
scriptonite
|
music_request_manager
|
The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against ad…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6019
|
2024-09-14 01:13 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316484
|
4.8 |
MEDIUM
Network
|
pega
|
infinity
|
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.
|
CWE-79
Cross-site Scripting
|
CVE-2024-6700
|
2024-09-14 01:09 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316485
|
4.8 |
MEDIUM
Network
|
pega
|
infinity
|
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.
|
CWE-79
Cross-site Scripting
|
CVE-2024-6701
|
2024-09-14 01:08 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316486
|
4.8 |
MEDIUM
Network
|
pega
|
infinity
|
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.
|
CWE-79
Cross-site Scripting
|
CVE-2024-6702
|
2024-09-14 01:07 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316487
|
4.3 |
MEDIUM
Adjacent
|
kasdanet
|
kw5515_firmware
|
Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script
|
CWE-79
Cross-site Scripting
|
CVE-2020-24061
|
2024-09-14 01:05 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316488
|
6.1 |
MEDIUM
Network
|
yzane
|
markdown_pdf
|
A vulnerability, which was classified as problematic, was found in yzane vscode-markdown-pdf 1.5.0. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to ini…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7739
|
2024-09-14 01:03 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316489
|
7.8 |
HIGH
Local
|
yzane
|
markdown_pdf
|
A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. T…
|
CWE-22
Path Traversal
|
CVE-2024-7738
|
2024-09-14 01:03 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316490
|
4.3 |
MEDIUM
Network
|
mirapolis
|
lms
|
An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-25270
|
2024-09-14 01:01 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
