Search Results (Refine Search)
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-32744 |
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module. Published: April 17, 2024; 5:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32743 |
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module. Published: April 17, 2024; 5:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32345 |
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section. Published: April 17, 2024; 5:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32344 |
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section. Published: April 17, 2024; 5:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32343 |
A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. Published: April 17, 2024; 5:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32342 |
A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter. Published: April 17, 2024; 5:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32341 |
Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters. Published: April 17, 2024; 5:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32340 |
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module. Published: April 17, 2024; 5:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32339 |
Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters. Published: April 17, 2024; 5:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32338 |
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module. Published: April 17, 2024; 5:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32337 |
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module. Published: April 17, 2024; 5:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3817 |
HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the go-getter/v2 branch and package. Published: April 17, 2024; 4:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29951 |
Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection. Published: April 17, 2024; 4:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-21990 |
ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials. Published: April 17, 2024; 4:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-21989 |
ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when successfully exploited could allow a read-only user to escalate their privileges. Published: April 17, 2024; 4:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-0257 |
RoboDK v5.5.4 is vulnerable to heap-based buffer overflow while processing a specific project file. The resulting memory corruption may crash the application. Published: April 17, 2024; 4:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3900 |
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText. Published: April 17, 2024; 3:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3323 |
Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, enticing the user to interact. Published: April 17, 2024; 3:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32163 |
CMSeasy 7.7.7.9 is vulnerable to code execution. Published: April 17, 2024; 3:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32162 |
CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion. Published: April 17, 2024; 3:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |