7.1
CVE-2024-33985 - Cross-Site Scripting (XSS) vulnerability in Janobe products
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/course/index.ph…
7.1
CVE-2024-33984 - Cross-Site Scripting (XSS) vulnerability in Janobe products
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearL…
7.1
CVE-2024-33983 - Cross-Site Scripting (XSS) vulnerability in Janobe products
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearL…
7.1
CVE-2024-33982 - Cross-Site Scripting (XSS) vulnerability in Janobe products
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'StudentID' parameter in '/AttendanceM…
7.5
CVE-2024-41991 - python-django: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURL…
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
7.5
CVE-2024-41990 - python-django: Potential denial-of-service vulnerability in django.utils.html.urlize()
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
7.5
CVE-2024-41989 - python-django: Memory exhaustion in django.utils.numberformat.floatformat()
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.
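The memory-exhaustion mechanism behind CVE-2024-41989 is easy to see once the input is expanded: a string like "1e100000" is a handful of bytes, but writing it out with two decimal places needs a coefficient of more than a hundred thousand digits. The example below is added here to illustrate that failure mode and the kind of size cap that closes it; it is not Django's floatformat code, and the 200-digit limit, the function names and the sample inputs are assumptions chosen for the illustration.

```python
from decimal import Decimal, InvalidOperation, ROUND_HALF_UP, localcontext

# Hypothetical cap on how many digits a value may expand to before the
# formatter refuses and hands back the input unchanged. 200 is an assumption
# chosen for this illustration, not a value taken from Django.
MAX_EXPANDED_DIGITS = 200


def expanded_digit_count(value):
    """Digits needed to write `value` in plain (non-scientific) notation.

    Decimal("1e100000") stores a single digit with exponent 100000, so it looks
    tiny until it is expanded: the plain rendering needs 100001 digits.
    """
    _, digits, exponent = Decimal(str(value)).as_tuple()
    return len(digits) + abs(exponent)


def naive_floatformat(text, places=2):
    """Unsafe formatter: expands whatever it is given to `places` decimals.

    Mirrors the failure mode described for CVE-2024-41989: the working precision
    is derived from the input itself, so a huge exponent makes quantize() build a
    coefficient with that many digits, all of which end up in the result string.
    """
    d = Decimal(str(text))
    quant = Decimal(1).scaleb(-places)  # e.g. Decimal("0.01") for places=2
    with localcontext() as ctx:
        ctx.prec = expanded_digit_count(d) + places + 1
        rounded = d.quantize(quant, rounding=ROUND_HALF_UP)
    return format(rounded, "f")


def safe_floatformat(text, places=2):
    """Same formatting, but refuses to expand inputs beyond MAX_EXPANDED_DIGITS."""
    try:
        d = Decimal(str(text))
    except InvalidOperation:
        return ""
    if not d.is_finite() or expanded_digit_count(d) > MAX_EXPANDED_DIGITS:
        # Returned as-is: the caller sees the original text instead of a
        # multi-megabyte string of zeros.
        return str(text)
    return naive_floatformat(d, places)


if __name__ == "__main__":
    print(naive_floatformat("1e6"))                 # 1000000.00
    print(len(naive_floatformat("1e100000")))       # 100004 characters for an 8-byte input
    print(safe_floatformat("1e100000"))             # 1e100000, returned unexpanded
```

Raise the exponent in the constructed input and the naive version's output grows linearly with it, which is exactly the amplification a template rendering untrusted numbers must not offer; the capped version costs a single as_tuple() call to decide.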
9.8
CVE-2024-42005 - python-django: Potential SQL injection in QuerySet.values() and values_list()
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key passed as a positional (*args) lookup name.
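CVE-2024-42005 is an alias injection: the JSON key in a lookup such as values("data__<key>") is reused as the SQL column alias, so a key that closes the quoted identifier turns the rest of the key into live SQL. The example below is added here to show that mechanism against a constructed in-memory SQLite database and the identifier check that stops it; it is not Django's ORM code. A plain column stands in for the JSON key extraction, the forbidden-character pattern is an assumption modelled on what an ORM should reject in an alias, and the table, rows and attack key are constructed for the illustration.

```python
import re
import sqlite3

# Characters that have no business in a SQL column alias: quotes, brackets,
# whitespace, statement separators and comment markers. This pattern is an
# assumption for the illustration, not Django's own validation code.
FORBIDDEN_ALIAS = re.compile(r"['`\"\]\[;\s]|--|/\*|\*/")

# Constructed attacker-controlled JSON key. The ORM would turn the lookup
# "data__<key>" into a quoted column alias; the embedded double quote closes
# the alias and everything after it is parsed as SQL.
ATTACK_KEY = 'color" FROM items UNION SELECT token FROM secrets -- '


def is_safe_alias(alias):
    """True when `alias` can be interpolated into a quoted identifier safely."""
    return FORBIDDEN_ALIAS.search(alias) is None


def build_values_sql(json_key, validate=True):
    """Toy stand-in for QuerySet.values("data__<json_key>").

    The real ORM would emit a JSON key-extraction expression in the select
    list; a plain column stands in for it here because the injection point
    described by the CVE is the column alias derived from the key.
    """
    if validate and not is_safe_alias(json_key):
        raise ValueError(f"refusing to use {json_key!r} as a column alias")
    return f'SELECT "data" AS "{json_key}" FROM items'


def run_values(json_key, validate=True):
    """Run the generated query against a constructed in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE items (data TEXT);
        INSERT INTO items VALUES ('{"color": "red"}');
        CREATE TABLE secrets (token TEXT);
        INSERT INTO secrets VALUES ('s3cr3t-api-token');
        """
    )
    try:
        sql = build_values_sql(json_key, validate)
        return sorted(row[0] for row in conn.execute(sql))
    finally:
        conn.close()


def values_rejected(json_key):
    """True if the validating path refuses the key instead of querying with it."""
    try:
        run_values(json_key, validate=True)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(build_values_sql(ATTACK_KEY, validate=False))
    print(run_values(ATTACK_KEY, validate=False))  # leaks the secrets row
    print(values_rejected(ATTACK_KEY))             # True once aliases are checked
```

The unvalidated path returns a row from the secrets table that the query never named, which is the practical impact when key names reach values() from request data; the check has to run on the alias string itself, since parameter binding cannot protect an identifier.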
7.5
CVE-2024-43114 - JetBrains TeamCity: privilege escalation due to incorrect directory permissions
In JetBrains TeamCity before 2024.07.1, privilege escalation was possible due to incorrect directory permissions.
5.1
CVE-2024-7551 - juzaweb CMS Theme Editor default path traversal
A vulnerability was found in juzaweb CMS up to 3.4.2 and classified as problematic. Affected is an unknown function in the file /admin-cp/theme/editor/default of the Theme Editor component. Manipulation of its input leads to path traversal. The attack can be launched remotely. The exploit …