5.3
CVE-2024-7303 - itsourcecode Online Blood Bank Management System Send Blood Request Page request.php cross site scr…
A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /request.php of the component Send Blood Request Page. The manipulation of the argument Address/bloodgroup leads to cross site …
5.3
CVE-2024-7300 - Bolt CMS Showcase Creation showcases cross site scripting
A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Affected is an unknown function of the file /bolt/editcontent/showcases of the component Showcase Creation Handler. The manipulation of the argument title/textarea leads to cross site scripting. It is possible to launch the…
9.2
CVE-2024-6980 - Verbose error handling issue in GravityZone Update Server proxy service
A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise.
5.3
CVE-2024-7299 - Bolt CMS Entry Preview page cross site scripting
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Bolt CMS 3.7.1. It has been rated as problematic. This issue affects some unknown processing of the file /preview/page of the component Entry Preview Handler. The manipulation of the argument body leads to cross site scripting. The attack…
5.3
CVE-2024-7290 - SourceCodester Establishment Billing Management System manage_tenant.php sql injection
A vulnerability classified as critical has been found in SourceCodester Establishment Billing Management System 1.0. This affects an unknown part of the file /manage_tenant.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit h…
9.8
CVE-2024-6695 - profile-builder <= 3.11.8 - Unauthenticated Privilege Escalation
It's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow in the user registration process.
6.5
CVE-2024-6412 - HTML Forms – Simple WordPress Forms Plugin < 1.3.34 - Bulk Delete via CSRF
The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.
5.4
CVE-2024-6408 - Slider by 10Web < 1.2.57 - Editor+ Stored XSS
The Slider by 10Web WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
6.1
CVE-2024-6272 - SpiderContacts <= 1.1.7 - Reflected XSS
The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
4.8
CVE-2024-6165 - WANotifier < 2.6.1 - Admin+ Stored XSS
The WANotifier WordPress plugin before 2.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).