5.4
CVE-2024-33210 -
A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users.
7.5
CVE-2024-47523 - LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section (which contains multiple fields depending on which β¦
7.2
CVE-2024-47524 - LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Groups name, when user see the detail of the Device Group, if java script code is inside the name of thβ¦
7.5
CVE-2024-47525 - Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-alert-rules.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious cβ¦
3.5
CVE-2024-47526 - LibreNMS has a Self-XSS ('Cross-site Scripting') in librenms/includes/html/modal/alert_template.incβ¦
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon submission but does notβ¦
7.5
CVE-2024-47527 - LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device-dependencβ¦
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname" parameter). This vulnerability can lead toβ¦
4.6
CVE-2024-47528 - LibreNMS Contains a Stored XSS via File Upload
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with "admin" role can set background for a custom map, this allow the upload of SVG file that can contain XSS payload wβ¦
6.9
CVE-2024-47609 - Remotely exploitable DoS in Tonic `<=v0.12.2`
Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a TCP/TLS stream. This can be triggered by causing the accept call to error out with errors that weβ¦
5.3
CVE-2024-9411 - OFCMS add.json add cross site scripting
A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save. The manipulation of the argument dict_value leads to cross site scripting. It is possible to initiate the attack remotely. The exploβ¦
6.9
CVE-2024-47608 - Logicytics vulnerable to shell injections
Logicytics is designed to harvest and collect data for forensic analysis. Logicytics has a basic vuln affecting compromised devices from shell injections. This vulnerability is fixed in 2.3.2.