8.7

CVSS3.1

CVE-2024-4901 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit notes.

📅 Published: June 26, 2024, 11:31 p.m. 🔄 Last Modified: Nov. 21, 2024, 9:43 a.m.

9.6

CVSS3.1

CVE-2024-5655 - Improper Access Control in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain circumstances.

📅 Published: June 26, 2024, 11:30 p.m. 🔄 Last Modified: Nov. 21, 2024, 9:48 a.m.

6.8

CVSS3.1

CVE-2024-5430 - Improper Access Control in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer to delete the merge request approval policy via GraphQL.

📅 Published: June 26, 2024, 11:30 p.m. 🔄 Last Modified: Nov. 21, 2024, 9:47 a.m.

7.5

CVSS3.1

CVE-2024-6323 - Improper Isolation or Compartmentalization in GitLab

Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker to leak the content of a private repository in a public project.

📅 Published: June 26, 2024, 11:30 p.m. 🔄 Last Modified: Nov. 21, 2024, 9:49 a.m.

8.8

CVSS3.1

CVE-2024-28984 - Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Pag…

Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.1.0.0 and 9.3.0.7, including 8.3.x, allow a malicious URL to inject content into the Analyzer plugin interface.

📅 Published: June 26, 2024, 10:41 p.m. 🔄 Last Modified: Nov. 21, 2024, 9:07 a.m.

8.8

CVSS3.1

CVE-2024-28983 - Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Pag…

Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.1.0.0 and 9.3.0.7, including 8.3.x, allow a malicious URL to inject content into the Analyzer plugin interface.

📅 Published: June 26, 2024, 10:40 p.m. 🔄 Last Modified: April 10, 2025, 10:40 a.m.

7.1

CVSS3.1

CVE-2024-28982 - Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Ref…

Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x, do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.

📅 Published: June 26, 2024, 10:37 p.m. 🔄 Last Modified: Nov. 21, 2024, 9:07 a.m.

6.5

CVSS3.1

CVE-2024-37247 - WordPress jQuery T(-) Countdown Widget plugin <= 2.3.25 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in twinpictures, baden03 jQuery T(-) Countdown Widget allows Stored XSS. This issue affects jQuery T(-) Countdown Widget: from n/a through 2.3.25.

📅 Published: June 26, 2024, 9:16 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2024-37248 - WordPress Anima theme <= 1.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Anima allows Stored XSS. This issue affects Anima: from n/a through 1.4.1.

📅 Published: June 26, 2024, 9:15 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2024-6355 - Genexis Tilgin Fiber Home Gateway HG1522 cross site scripting

A vulnerability was found in Genexis Tilgin Fiber Home Gateway HG1522 CSx000-01_09_01_12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /status/product_info/. The manipulation of the argument product_info leads to cross site scripting. T…

📅 Published: June 26, 2024, 9 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.