6.9
CVE-2024-10791 - Codezips Hospital Appointment System doctorAction.php sql injection
A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /doctorAction.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit haβ¦
5.5
CVE-2024-45086 - IBM WebSphere Application Server XML external entity injection
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
5.3
CVE-2024-10768 - PHPGurukul Online Shopping Portal two_tables.php cross site scripting
A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/two_tables.php. The manipulation of the argument scripts leads to cross site scripting. Theβ¦
5.3
CVE-2024-10766 - Codezips Free Exam Hall Seating Management System save_user.php unrestricted upload
A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0. This issue affects some unknown processing of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated rβ¦
5.3
CVE-2024-10765 - Codezips Online Institute Management System profile.php unrestricted upload
A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument old_image leads to unrestricted upload. The attack can be initiated remotely. The exploit hasβ¦
5.3
CVE-2024-10764 - Codezips Online Institute Management System save_user.php unrestricted upload
A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit hβ¦
6.5
CVE-2024-51677 - WordPress Knowledge Base plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Knowledge Base knowledgebase allows Stored XSS.This issue affects Knowledge Base: from n/a through <= 2.2.0.
6.5
CVE-2024-51678 - WordPress Elo Rating Shortcode plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcel Pol Elo Rating Shortcode elo-rating-shortcode allows Stored XSS.This issue affects Elo Rating Shortcode: from n/a through <= 1.0.3.
6.5
CVE-2024-51680 - WordPress Cresta Addons for Elementor plugin <= 1.0.9 - Stored Cross Site Scripting (XSS) vulnerabiβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrestaProject Cresta Addons for Elementor cresta-addons-for-elementor allows Stored XSS.This issue affects Cresta Addons for Elementor: from n/a through <= 1.0.9.
6.5
CVE-2024-51681 - WordPress WP Pocket URLs plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs wp-pocket-urls allows Stored XSS.This issue affects WP Pocket URLs: from n/a through <= 1.0.3.