5.3
CVE-2024-8163 - Chengdu Everbrite Network Technology BeikeShop files destroyFiles path traversal
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files results in path traversal. It is possible to launch the attack remotely. The exp…
9.3
CVE-2024-8162 - TOTOLINK T10 AC1200 Telnet Service product.ini hard-coded credentials
A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to hard-coded credentials. It is possible to launch the attack r…
7.8
CVE-2024-41879 - RE: New Edge T5 MSRC Case [DCMSFT-1294]
Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
6.5
CVE-2023-26315 - Xiaomi router has a command injection vulnerability after authorization
The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This vulnerability is caused by the lack of input filtering, allowing an attacker to exploit it to obtain root access to the device.
9.8
CVE-2024-8161 - SQL injection vulnerability in CIGESv2 system
SQL injection vulnerability in ATISolutions CIGES affecting versions lower than 2.15.5. This vulnerability allows a remote attacker to send a specially crafted SQL query to the /modules/ajaxServiciosCentro.php point in the idCentro parameter and retrieve all the information stored in the database.
8.2
CVE-2024-43444 - Passwords are written to Admin Log Module
Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: * OTRS from 7.0.X through 7.0.50 * OTRS 8.0.X …
4.9
CVE-2024-43443 - Stored XSS in process management
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the Process Management targeting other admins. This issue affects: * OTRS from 7.0.X…
4.9
CVE-2024-43442 - Stored XSS in System Configuration
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the System Configuration targeting other admins. This issue affects: * OTRS from 7…
6.1
CVE-2024-7313 - Shield Security < 20.0.6 - Reflected XSS
The Shield Security WordPress plugin before 20.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
4.7
CVE-2024-6879 - Quiz and Survey Master (QSM) < 9.1.1 - Contributor+ Stored XSS
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allow contributor and above roles to perform Stored Cross-Site Scripting (XSS) attacks.