π¨ CVE-2024-43305
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Code Amp Custom Layouts β Post + Product grids made easy allows Stored XSS.This issue affects Custom Layouts β Post + Product grids made easy: from n/a through 1.4.11.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Code Amp Custom Layouts β Post + Product grids made easy allows Stored XSS.This issue affects Custom Layouts β Post + Product grids made easy: from n/a through 1.4.11.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Custom Layouts β Post + Product grids made easy Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43306
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP-Lister Lite for eBay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.6.0.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP-Lister Lite for eBay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.6.0.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress WP-Lister Lite for eBay Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43307
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gordon BΓΆhme, Antonio Leutsch Structured Content allows Stored XSS.This issue affects Structured Content: from n/a through 1.6.2.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gordon BΓΆhme, Antonio Leutsch Structured Content allows Stored XSS.This issue affects Structured Content: from n/a through 1.6.2.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Structured Content Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43308
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gutentor Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor allows Stored XSS.This issue affects Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor: from n/a through 3.3.5.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gutentor Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor allows Stored XSS.This issue affects Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor: from n/a through 3.3.5.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Gutentor Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43309
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link allows Stored XSS.This issue affects WP Telegram Widget and Join Link: from n/a through 2.1.27.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link allows Stored XSS.This issue affects WP Telegram Widget and Join Link: from n/a through 2.1.27.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress WP Telegram Widget and Join Link Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43313
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FormFacade allows Reflected XSS.This issue affects FormFacade: from n/a through 1.3.2.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FormFacade allows Reflected XSS.This issue affects FormFacade: from n/a through 1.3.2.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress FormFacade Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43318
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E2Pdf.Com allows Stored XSS.This issue affects e2pdf: from n/a through 1.25.05.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E2Pdf.Com allows Stored XSS.This issue affects e2pdf: from n/a through 1.25.05.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress e2pdf Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43320
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through 3.9.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through 3.9.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Livemesh Addons for WPBakery Page Builder Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43321
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Stored XSS.This issue affects Team Showcase: from n/a through 1.22.23.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Stored XSS.This issue affects Team Showcase: from n/a through 1.22.23.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Team Showcase Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-7907
A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
GitHub
IoT_vuln/totolink/x6000R/setSyslogCfg_injection at main Β· BeaCox/IoT_vuln
Some IoT device vulnerabilities I've found. Contribute to BeaCox/IoT_vuln development by creating an account on GitHub.
π¨ CVE-2024-7908
A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
GitHub
IoT_vuln/totolink/EX1200L/setDefResponse_bof at main Β· BeaCox/IoT_vuln
Some IoT device vulnerabilities I've found. Contribute to BeaCox/IoT_vuln development by creating an account on GitHub.
π¨ CVE-2024-7909
A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
GitHub
IoT_vuln/totolink/EX1200L/setLanguageCfg_bof at main Β· BeaCox/IoT_vuln
Some IoT device vulnerabilities I've found. Contribute to BeaCox/IoT_vuln development by creating an account on GitHub.
π¨ CVE-2024-6221
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.
π@cveNotify
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.
π@cveNotify
π¨ CVE-2024-7910
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
CVE_Writeup/Online Railway Reservation System/RCE via File Upload.md at main Β· CYB84/CVE_Writeup
Contribute to CYB84/CVE_Writeup development by creating an account on GitHub.
π¨ CVE-2024-7911
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /simple-online-bidding-system/bidding/index.php. The manipulation of the argument page leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /simple-online-bidding-system/bidding/index.php. The manipulation of the argument page leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
cve/simple_include.md at main Β· Wsstiger/cve
Contribute to Wsstiger/cve development by creating an account on GitHub.
π¨ CVE-2024-43303
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in videousermanuals.Com White Label CMS allows Reflected XSS.This issue affects White Label CMS: from n/a through 2.7.4.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in videousermanuals.Com White Label CMS allows Reflected XSS.This issue affects White Label CMS: from n/a through 2.7.4.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress White Label CMS Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43304
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cool Plugins Cryptocurrency Widgets β Price Ticker & Coins List allows Reflected XSS.This issue affects Cryptocurrency Widgets β Price Ticker & Coins List: from n/a through 2.8.0.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cool Plugins Cryptocurrency Widgets β Price Ticker & Coins List allows Reflected XSS.This issue affects Cryptocurrency Widgets β Price Ticker & Coins List: from n/a through 2.8.0.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Cryptocurrency Widgets β Price Ticker & Coins List Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π1
π¨ CVE-2021-36821
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Stored XSS.This issue affects Forminator: from n/a through 1.14.11.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Stored XSS.This issue affects Forminator: from n/a through 1.14.11.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Forminator Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-35686
Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro (WC Paid Courses).This issue affects Sensei LMS: from n/a through 4.23.1; Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1.
π@cveNotify
Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro (WC Paid Courses).This issue affects Sensei LMS: from n/a through 4.23.1; Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1.
π@cveNotify
Patchstack
Broken Access Control in WordPress Sensei LMS Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43145
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode Ltd GeoDirectory.This issue affects GeoDirectory: from n/a through 2.3.61.
π@cveNotify
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode Ltd GeoDirectory.This issue affects GeoDirectory: from n/a through 2.3.61.
π@cveNotify
Patchstack
SQL Injection in WordPress GeoDirectory Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43207
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Valiano Unite Gallery Lite.This issue affects Unite Gallery Lite: from n/a through 1.7.62.
π@cveNotify
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Valiano Unite Gallery Lite.This issue affects Unite Gallery Lite: from n/a through 1.7.62.
π@cveNotify
Patchstack
SQL Injection in WordPress Unite Gallery Lite Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.