5.3

CVSS4.0

CVE-2024-51485 - Insufficient Validation in Plugins (Activation/Deactivation) in Ampache

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change w…

📅 Published: Nov. 11, 2024, 7:45 p.m. 🔄 Last Modified: Nov. 14, 2024, 8:06 p.m.

5.5

CVSS3.1

CVE-2024-51486 - Stored Cross-Site Scripting in Ampache

Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript.…

📅 Published: Nov. 11, 2024, 7:44 p.m. 🔄 Last Modified: Nov. 21, 2024, 9:45 a.m.

5.3

CVSS4.0

CVE-2024-51487 - Insufficient Validation in Catalog (Activation/Deactivation) in Ampache

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change w…

📅 Published: Nov. 11, 2024, 7:43 p.m. 🔄 Last Modified: Nov. 14, 2024, 7:37 p.m.

5.3

CVSS4.0

CVE-2024-51488 - Insufficient Validation in Delete Message in Ampache

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to delete messages to any use…

📅 Published: Nov. 11, 2024, 7:42 p.m. 🔄 Last Modified: Nov. 14, 2024, 8:12 p.m.

5.3

CVSS4.0

CVE-2024-51489 - Insufficient Message Token Validation in Ampache

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to send messages…

📅 Published: Nov. 11, 2024, 7:37 p.m. 🔄 Last Modified: Nov. 14, 2024, 8:12 p.m.

5.5

CVSS3.1

CVE-2024-51490 - Stored Cross-Site Scripting in Ampache

Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This …

📅 Published: Nov. 11, 2024, 7:35 p.m. 🔄 Last Modified: Nov. 14, 2024, 8:13 p.m.

5.3

CVSS4.0

CVE-2024-11078 - code-projects Job Recruitment register.php cross site scripting

A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument e/role leads to cross site scripting. The attack can be launched remotely. The ex…

📅 Published: Nov. 11, 2024, 7:31 p.m. 🔄 Last Modified: Sept. 30, 2025, 2:26 p.m.

9.1

CVSS3.1

CVE-2024-51747 - Arbitrary File Read and Delete in kanboard

Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments that are viewable or downloadable in Kanboard are resolved through its `path` entry in the `project_has_files` SQLi…

📅 Published: Nov. 11, 2024, 7:22 p.m. 🔄 Last Modified: Nov. 12, 2024, 1:55 p.m.

9.1

CVSS3.1

CVE-2024-51748 - Remote code execution through language setting in kanboard

Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary PHP code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting `application_language` in the `s…

📅 Published: Nov. 11, 2024, 7:20 p.m. 🔄 Last Modified: Nov. 12, 2024, 2:44 p.m.

4.1

CVSS3.1

CVE-2024-51992 - Method Exposure Vulnerability in Modals in orchid/platform

Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the Orchid Platform’s asynchronous modal functionality, affecti…

📅 Published: Nov. 11, 2024, 7:17 p.m. 🔄 Last Modified: Nov. 12, 2024, 2:45 p.m.