6.5
CVE-2024-43418 - GLPI has multiple reflected XSS
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17.
6.5
CVE-2024-43417 - Reflected XSS in Software form
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Software form. Upgrade to 10.0.17.
6.5
CVE-2024-41679 - Authenticated SQL injection in ticket form
GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17.
6.5
CVE-2024-41678 - GLPI has multiple reflected XSS
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17.
8.1
CVE-2024-40638 - GLPI allows account takeover via SQL Injection in AJAX scripts
GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user's account data and take control of that account. Upgrade to 10.0.17.
5.3
CVE-2024-11251 - erzhongxmu Jeewms AuthInterceptor cgReportController.do sql injection
A vulnerability was found in erzhongxmu Jeewms up to 20241108. It has been rated as critical. This issue affects some unknown processing of the file cgReportController.do of the component AuthInterceptor. The manipulation of the argument begin_date leads to sql injection. The attack may be initiate…
6.7
CVE-2024-47759 - GLPI has a stored XSS via document upload
GLPI is a free asset and IT management software package. A technician can upload an SVG containing a malicious script. The script is then executed when any user views the document contents. Upgrade to 10.0.17.
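The fix is in GLPI 10.0.17; the Python below is an added example, not GLPI's code, showing the check an upload handler can run on an SVG before accepting it as a viewable document. It rejects script elements, event-handler attributes, foreignObject, and executable URL schemes (including whitespace-obfuscated ones such as java&#10;script:), refuses DOCTYPE/ENTITY declarations outright, and, for files that must still be served, returns response headers that keep the browser from executing the SVG as a top-level document. The two SVG strings are constructed inputs, and the deny-lists are this example's own choices, not an exhaustive sanitizer.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed inputs for this example: one SVG carrying three different
# script vectors, and one plain drawing.
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <script>fetch('/evil?c=' + document.cookie)</script>
  <rect width="10" height="10" onload="alert(1)"/>
  <a xlink:href="java&#10;script:alert(1)"><text>click</text></a>
</svg>"""

BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <circle cx="5" cy="5" r="4" fill="#09f"/>
</svg>"""

# Deny-lists chosen for this example (assumption): elements that run script or
# embed HTML, and URL schemes that execute when followed.
ACTIVE_ELEMENTS = {"script", "foreignobject"}
ACTIVE_SCHEMES = ("javascript:", "data:text/html", "vbscript:")


def _local(name: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]


def _normalize_url(value: str) -> str:
    """Browsers ignore whitespace and control characters inside a URL scheme,
    so drop them before comparing (defeats java&#10;script: style obfuscation)."""
    return "".join(ch for ch in value if not ch.isspace() and ord(ch) > 31).lower()


def svg_findings(data: bytes) -> List[str]:
    """Return the reasons an uploaded SVG must be rejected; an empty list means
    these checks found no active content."""
    lowered = data.lower()
    if b"<!doctype" in lowered or b"<!entity" in lowered:
        # Never hand entity declarations to the parser (entity-expansion attacks).
        return ["DOCTYPE/ENTITY declarations are not allowed"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    findings: List[str] = []
    for elem in root.iter():
        tag = _local(elem.tag)
        if tag.lower() in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in elem.attrib.items():
            name = _local(attr)
            if name.lower().startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif _normalize_url(value).startswith(ACTIVE_SCHEMES):
                findings.append(f"{name} on <{tag}> uses an executable URL scheme")
    return findings


def download_headers(filename: str) -> Dict[str, str]:
    """Defense in depth for SVGs that are kept anyway: force a download, forbid
    MIME sniffing, and, if the browser still renders the file as a top-level
    document, a CSP sandbox with no script source stops inline script."""
    safe_name = "".join(ch for ch in filename if ch.isalnum() or ch in "._-") or "document.svg"
    return {
        "Content-Type": "image/svg+xml",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox",
    }


if __name__ == "__main__":
    print("malicious:", svg_findings(MALICIOUS_SVG))
    print("benign:", svg_findings(BENIGN_SVG))
    print(download_headers('report".svg'))
```

Two caveats on the design: the DOCTYPE check also rejects the common SVG 1.1 DOCTYPE header, so strip that prologue on upload if such files must be accepted; and the CSP only matters when the SVG is opened as a document, which is exactly the viewing path the advisory describes. An SVG loaded through an <img> element does not run script in any browser, so an image-only rendering path is the smaller attack surface.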
3.5
CVE-2024-52509 - Nextcloud Mail app does not respect download permissions in shares
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud Mail app incorrectly allowed attaching shared files that lacked download permission as attachments. This allowed users to send the files to themselves and then download them from their mail clients. …
8.2
CVE-2024-52508 - Nextcloud Mail auto configurator can be tricked into sending account information to wrong servers
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like [email protected] that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would be…
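The failure pattern described here, a lookup that falls back from autoconfig.<the user's domain> to autoconfig.<tld>, a name anyone can register, is easy to reproduce and to guard against. The Python below is an added example, not Nextcloud Mail's code: it builds the naive candidate list, then applies the check that restricts candidates to hosts inside the registrable domain of the address the user typed. PUBLIC_SUFFIXES is a tiny constructed stand-in for the Public Suffix List, the example addresses are constructed, and treating an unrecognized TLD as untrusted is this example's choice.

```python
from typing import List, Optional

# Constructed stand-in for the Public Suffix List (assumption of this example;
# a real client must load the full list).
PUBLIC_SUFFIXES = {"com", "net", "org", "uk", "co.uk", "tld"}

AUTOCONFIG_PREFIX = "autoconfig."


def registrable_domain(host: str) -> Optional[str]:
    """Return the registrable (eTLD+1) domain of host, or None if host is itself
    a public suffix or its suffix is not in the list."""
    labels = host.lower().strip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            # labels[i:] is the longest public suffix; one more label makes it registrable
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def naive_candidates(mail_domain: str) -> List[str]:
    """The unsafe pattern: query autoconfig.<domain> and, on failure, keep
    stripping the leftmost label until only the TLD is left."""
    labels = mail_domain.lower().strip(".").split(".")
    return [AUTOCONFIG_PREFIX + ".".join(labels[i:]) for i in range(len(labels))]


def safe_candidates(mail_domain: str) -> List[str]:
    """Keep only candidates whose target lies inside the registrable domain of
    the address the user typed, so autoconfig.<tld> is never contacted."""
    registrable = registrable_domain(mail_domain)
    if registrable is None:
        return []
    kept = []
    for candidate in naive_candidates(mail_domain):
        target = candidate[len(AUTOCONFIG_PREFIX):]
        if target == registrable or target.endswith("." + registrable):
            kept.append(candidate)
    return kept


def autoconfig_hosts_for(email: str) -> List[str]:
    """Derive the safe lookup targets for a full address; the domain is
    everything after the last '@'."""
    return safe_candidates(email.rpartition("@")[2])


if __name__ == "__main__":
    for domain in ("example.tld", "mail.example.co.uk", "co.uk"):
        print(domain, naive_candidates(domain), safe_candidates(domain))
```

The same rule applies to any MX-based step of a Thunderbird-style autoconfig algorithm and to a final fallback to a vendor ISP database: anything outside the user's registrable domain must be an explicitly trusted, hard-coded host, never a name derived from the address, because whatever host answers first receives the account details the user just entered.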
5.3
CVE-2024-11250 - code-projects Inventory Management editProduct.php sql injection
A vulnerability was found in code-projects Inventory Management up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /model/editProduct.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has …