6.9
CVE-2024-10335 - SourceCodester Garbage Collection Management System login.php sql injection
A vulnerability was found in SourceCodester Garbage Collection Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. Theβ¦
6.9
CVE-2024-9692 - Improper Access Control in Input in VIMESA VHF/FM Transmitter Blue Plus
VIMESA VHF/FM Transmitter Blue Plus is suffering from a Denial-of-Service (DoS) vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint 'doreboot' and restart the transmitter operations.
0.0
CVE-2024-10347 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
6.1
CVE-2024-45031 - Apache Syncope: Stored XSS in Console and Enduser
When editing objects in the Syncope Console, incomplete HTML tags could be used to bypass HTML sanitization. This made it possible to inject stored XSS payloads which would trigger for other users during ordinary usage of the application. XSS payloads could also be injected in Syncope Enduser when β¦
5.4
CVE-2024-49693 - WordPress Mega Elements β Addons for Elementor plugin <= 1.2.6 - Cross Site Scripting (XSS) vulneraβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kraft Plugins Mega Elements mega-elements-addons-for-elementor allows Stored XSS.This issue affects Mega Elements: from n/a through <= 1.2.6.
5.4
CVE-2024-49695 - WordPress WP Flow Plus plugin <= 5.2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS.This issue affects WP Flow Plus: from n/a through <= 5.2.3.
6.4
CVE-2024-10180 - Contact Form 7 - Repeatable Fields <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scriptβ¦
The Contact Form 7 β Repeatable Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's field_group shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible β¦
4.8
CVE-2024-49696 - WordPress Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.21 - Cross Site Scriptinβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery robo-gallery allows Stored XSS.This issue affects Robo Gallery: from n/a through <= 3.2.21.
5.4
CVE-2024-49702 - WordPress myCred Elementor plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred Elementor mycred-for-elementor allows Stored XSS.This issue affects myCred Elementor: from n/a through <= 1.2.6.
6.1
CVE-2024-10332 -
A Cross-Site Scripting vulnerability has been found in Janto v4.3r11 from Impronta. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the endpoint β/abonados/public/janto/main.phpβ.