8.2
CVE-2024-11599 - Domain Restriction Bypass on Registration
Mattermost versions 10.0.x <= 10.0.1, 10.1.x <= 10.1.1, 9.11.x <= 9.11.3, 9.5.x <= 9.5.11 fail to properly validate email addresses which allows an unauthenticated user to bypass email domain restrictions via carefully crafted input on email registration.
6.8
CVE-2024-22038 - DoS attacks, information leaks etc. with crafted Git repositories in obs-scm-bridge
Various problems in obs-scm-bridge allow attackers who create specially crafted git repositories to leak information or cause denial of service.
4.6
CVE-2024-49502 - Reflected XSS in Setup Wizard, HTTP Proxy credentials pane in spacewalk-web
An Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container suse/manager/5.0/…
4.6
CVE-2024-49503 - Reflected XSS in Setup Wizard, Organization Credentials in spacewalk-web
An Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execute JavaScript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-15…
5.7
CVE-2024-52283 -
Missing sanitization of inputs allowed arbitrary users to conduct a stored XSS attack that triggers for users that view a certain project.
6.1
CVE-2024-11684 - Kudos Donations – Easy donations and payments with Mollie <= 3.2.9 - Reflected Cross-Site Scripting
The Kudos Donations – Easy donations and payments with Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…
6.4
CVE-2024-11786 - Login with Vipps and MobilePay <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Login with Vipps and MobilePay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'continue-with-vipps' shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it pos…
6.1
CVE-2024-11458 - FAQ Builder AYS <= 1.7.1 - Reflected Cross-Site Scripting
The FAQ Builder AYS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ays_faq_tab' parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w…
6.1
CVE-2024-11685 - Kudos Donations – Easy donations and payments with Mollie <= 3.2.9 - Reflected Cross-Site Scripting…
The `Kudos Donations – Easy donations and payments with Mollie` plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of `add_query_arg` without appropriate escaping on the URL in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated atta…
6.1
CVE-2024-11366 - SEO Landing Page Generator <= 1.66.2 - Reflected Cross-Site Scripting
The SEO Landing Page Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.66.2. This makes it possible for unauthenticated attackers to inject arbitrary web scri…