6.1
CVE-2024-10289 - Cross-Site Scripting (XSS) vulnerability in LocalServer
Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ManageSubscription, parameter MSubListName.
6.1
CVE-2024-10288 - Cross-Site Scripting (XSS) vulnerability in LocalServer
Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/SubscribeToList, parameter ListName.
6.1
CVE-2024-10287 - Cross-Site Scripting (XSS) vulnerability in LocalServer
Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ForgotPassword, parameter ListName.
6.1
CVE-2024-10286 - Cross-Site Scripting (XSS) vulnerability in LocalServer
Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /testmail/index.php, parameter to.
5.3
CVE-2024-10277 - ESAFENET CDG UsbKeyAjax.java sql injection
A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/ajax/UsbKeyAjax.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been …
5.4
CVE-2024-8500 - WP Shortcodes Plugin – Shortcodes Ultimate <= 7.2.2 - Authenticated (Contributor+) DOM-Based Stored…
The WP Shortcodes Plugin – Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 7.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit…
5.3
CVE-2024-10276 - Telestream Sentry Reports Page page cross site scripting
A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launched …
4.9
CVE-2023-50310 - IBM CICS Transaction Gateway for Multiplatforms information disclosure
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
4.3
CVE-2024-9530 - Qi Addons For Elementor <= 1.8.0 - Sensitive Information Exposure
The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the co…
4.3
CVE-2024-10045 - Transients Manager <= 2.0.6 - Cross-Site Request Forgery
The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the process_actions function. This makes it possible for unauthenticated attackers to delete transients via a …