6.5
CVE-2024-34683 - Unrestricted file upload in SAP Document Builder (HTTP service)
An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser.
6.5
CVE-2024-33001 - Denial of service (DOS) in SAP NetWeaver and ABAP platform
SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitima…
7.5
CVE-2024-34688 - Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository)
Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability …
5.3
CVE-2024-2473 - WPS Hide Login <= 1.9.15.2 - Login Page Disclosure
The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may ha…
4.4
CVE-2024-0653 - Custom Field Template <= 2.6.1 - Authenticated (Admin+) Stored Cross-Site Scritping
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permiss…
4.3
CVE-2023-6748 - Custom Field Template <= 2.6.1 - Authenticated(Contributor+) Information Exposure
The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary pos…
6.4
CVE-2024-0627 - Custom Field Template <= 2.6.1 - Authenticated(Constibutor+) Stored Cross-Site Scripting via Custom…
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for aut…
6.4
CVE-2024-5090 - SiteOrigin Widgets Bundle <= 1.61.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via …
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for aut…
6.4
CVE-2023-6745 - Custom Field Template <= 2.6.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortc…
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta. This makes it possible for authenticated at…
5
CVE-2024-37178 - Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation
SAP Financial Consolidation does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. These endpoints are exposed over the network. The vulnerability can exploit resources beyond the vulnerable component. On successful exploitation, an attacker can …