U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • CPE Name Search: false
There are 240,698 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2024-21516

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login and redirected again upon authentication with the payload automatically executing. If the attacked user has admin privileges, this vulnerability could be used as the start of a chain of exploits like Zip Slip or arbitrary file write vulnerabilities in the admin functionality. **Notes:** 1) This is only exploitable if the attacker knows the name or path of the admin directory. The name of the directory is "admin" by default but there is a pop-up in the dashboard warning users to rename it. 2) The fix for this vulnerability is incomplete. The redirect is removed so that it is not possible for an attacker to control the redirect post admin login anymore, but it is still possible to exploit this issue in admin if the user is authenticated as an admin already.

Published: June 22, 2024; 1:15:10 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-21515

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login and redirected again upon authentication with the payload automatically executing. If the attacked user has admin privileges, this vulnerability could be used as the start of a chain of exploits like Zip Slip or arbitrary file write vulnerabilities in the admin functionality. **Notes:** 1) This is only exploitable if the attacker knows the name or path of the admin directory. The name of the directory is "admin" by default but there is a pop-up in the dashboard warning users to rename it. 2) The fix for this vulnerability is incomplete. The redirect is removed so that it is not possible for an attacker to control the redirect post admin login anymore, but it is still possible to exploit this issue in admin if the user is authenticated as an admin already.

Published: June 22, 2024; 1:15:10 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-21514

This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have to be enabled), it is possible to exploit SQL injection to gain unauthorised access to the backend database. For any site which is vulnerable, any unauthenticated user could exploit this to dump the entire OpenCart database, including customer PII data.

Published: June 22, 2024; 1:15:09 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-5966

The Grey Opaque theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Download-Button shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Published: June 22, 2024; 12:15:12 AM -0400
V4.0:(not available)
V3.1: 6.4 MEDIUM
V2.0:(not available)
CVE-2024-5965

The Mosaic theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Published: June 22, 2024; 12:15:12 AM -0400
V4.0:(not available)
V3.1: 6.4 MEDIUM
V2.0:(not available)
CVE-2024-5791

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_id' parameter in all versions up to, and including, 4.4.2 due to missing authorization checks on processAction function, as well as insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that will execute whenever a user accesses a wp-admin dashboard.

Published: June 21, 2024; 10:15:45 PM -0400
V4.0:(not available)
V3.1: 7.2 HIGH
V2.0:(not available)
CVE-2024-5346

The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the UX Countdown, Video Button, UX Video, UX Slider, UX Sidebar, and UX Payment Icons shortcodes in all versions up to, and including, 3.18.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Published: June 21, 2024; 10:15:45 PM -0400
V4.0:(not available)
V3.1: 6.4 MEDIUM
V2.0:(not available)
CVE-2024-4313

The Table Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Published: June 21, 2024; 10:15:45 PM -0400
V4.0:(not available)
V3.1: 6.4 MEDIUM
V2.0:(not available)
CVE-2024-2484

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Published: June 21, 2024; 10:15:44 PM -0400
V4.0:(not available)
V3.1: 6.4 MEDIUM
V2.0:(not available)
CVE-2024-6120

The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all posts, pages, and uploaded files, as well as download and install a limited set of demo plugins.

Published: June 21, 2024; 8:15:09 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2024-37694

ArcGIS Enterprise Server 10.8.0 allows a remote attacker to obtain sensitive information because /arcgis/rest/services does not require authentication.

Published: June 21, 2024; 6:15:11 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-37654

An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before 3.9.2 allows a remote attacker to obtain sensitive information via a crafted HTTP GET request.

Published: June 21, 2024; 6:15:11 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36532

Insecure permissions in kruise v1.6.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.

Published: June 21, 2024; 6:15:11 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-34989

In the module RSI PDF/HTML catalog evolution (prestapdf) <= 7.0.0 from RSI for PrestaShop, a guest can perform SQL injection via `PrestaPDFProductListModuleFrontController::queryDb().'

Published: June 21, 2024; 6:15:10 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-34452

CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG document.

Published: June 21, 2024; 6:15:10 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2022-42974

In Kostal PIKO 1.5-1 MP plus HMI OEM p 1.0.1, the web application for the Solar Panel is vulnerable to a Stored Cross-Site Scripting (XSS) attack on /file.bootloader.upload.html. The application fails to sanitize the parameter filename, in a POST request to /file.bootloader.upload.html for a system update, thus allowing one to inject HTML and/or JavaScript on the page that will then be processed and stored by the application. Any subsequent requests to pages that retrieve the malicious content will automatically exploit the vulnerability on the victim's browser. This also happens because the tag is loaded in the function innerHTML in the page HTML.

Published: June 21, 2024; 6:15:10 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2014-5470

Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation.

Published: June 21, 2024; 6:15:10 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2012-6664

Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put commands.

Published: June 21, 2024; 6:15:09 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2023-45673

Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin desktop: 1. has not disabled top redirection for note viewer iframes, and 2. and has node integration enabled. This is a remote code execution vulnerability that impacts anyone who attaches untrusted PDFs to notes and has the icon enabled. This issue has been addressed in version 2.13.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Published: June 21, 2024; 4:15:12 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2023-39517

Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer (`packages/renderer/htmlUtils.ts::sanitizeHtml`) preserves `<map>` `<area>` links. However, unlike `<a>` links, the `target` and `href` attributes are not removed. Additionally, because the note preview pane isn't sandboxed to prevent top navigation, links with `target` set to `_top` can replace the toplevel electron page. Because any toplevel electron page, with Joplin's setup, has access to `require` and can require node libraries, a malicious replacement toplevel page can import `child_process` and execute arbitrary shell commands. This issue has been fixed in commit 7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f which is included in release version 2.12.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Published: June 21, 2024; 4:15:12 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)