6.1
CVE-2024-10461 - firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace resβ¦
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
5.4
CVE-2024-10460 - firefox: thunderbird: Confusing display of origin for external protocol handler prompt
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
6.5
CVE-2024-10459 - firefox: thunderbird: Use-after-free in layout with accessibility
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
6.5
CVE-2024-10458 - firefox: thunderbird: Permission leak via embed or object elements
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
6.1
CVE-2024-49643 - WordPress Whitelist plugin <= 3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fifthsegment Whitelist fifthsegment-whitelist allows Reflected XSS.This issue affects Whitelist: from n/a through <= 3.5.
6.1
CVE-2024-49645 - WordPress Affiliate Platform plugin <= 1.4.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ilias Gomatos Affiliate Platform smdp-affiliate-platform allows Reflected XSS.This issue affects Affiliate Platform: from n/a through <= 1.4.8.
0.0
CVE-2024-49646 - WordPress Code Generate plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ioannup Code Generate code-generator allows Reflected XSS.This issue affects Code Generate: from n/a through <= 1.0.
0.0
CVE-2024-49647 - WordPress Simple Custom Admin plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Carl Alberto Simple Custom Admin simple-custom-admin allows Reflected XSS.This issue affects Simple Custom Admin: from n/a through <= 1.2.
0.0
CVE-2024-49648 - WordPress SVG Captcha plugin <= 1.0.11 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rafasashi SVG Captcha svg-captcha allows Reflected XSS.This issue affects SVG Captcha: from n/a through <= 1.0.11.
0.0
CVE-2024-49650 - WordPress BuddyPress Greeting Message plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xarbo BuddyPress Greeting Message bp-greeting-message allows Reflected XSS.This issue affects BuddyPress Greeting Message: from n/a through <= 1.0.3.