π¨ CVE-2024-47124
The goTenna pro series does not encrypt the callsigns of its users. These callsigns reveal information about the users and can also be leveraged for other vulnerabilities.
π@cveNotify
The goTenna pro series does not encrypt the callsigns of its users. These callsigns reveal information about the users and can also be leveraged for other vulnerabilities.
π@cveNotify
π¨ CVE-2024-9291
A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile of the component XML File Handler. The manipulation of the argument upfile leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The GitHub repository of the project did not receive an update for more than two years.
π@cveNotify
A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile of the component XML File Handler. The manipulation of the argument upfile leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The GitHub repository of the project did not receive an update for more than two years.
π@cveNotify
GitHub
kvf-admin_xss. Β· Issue #1 Β· daxiangya/kvf-admin
kvf-admin_xss.md
π¨ CVE-2024-9158
A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI.
π@cveNotify
A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI.
π@cveNotify
π¨ CVE-2024-41587
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
π@cveNotify
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
π@cveNotify
π¨ CVE-2024-47850
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
π@cveNotify
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
π@cveNotify
GitHub
GitHub - OpenPrinting/cups: OpenPrinting CUPS Sources
OpenPrinting CUPS Sources. Contribute to OpenPrinting/cups development by creating an account on GitHub.
π¨ CVE-2024-28709
Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields.
π@cveNotify
Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields.
π@cveNotify
Limesurvey
Welcome to LimeSurvey Partner Services!
The LimeSurvey Partners are a group of service companies supported by the core developers of LimeSurvey. We provide a wide range of optional commercial services for LimeSurvey users, including fully-serviced LimeSurvey...
π¨ CVE-2024-28710
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.
π@cveNotify
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.
π@cveNotify
Limesurvey
Welcome to LimeSurvey Partner Services!
The LimeSurvey Partners are a group of service companies supported by the core developers of LimeSurvey. We provide a wide range of optional commercial services for LimeSurvey users, including fully-serviced LimeSurvey...
π¨ CVE-2024-45932
Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2.
π@cveNotify
Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2.
π@cveNotify
π¨ CVE-2024-46040
IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration. The lack of validation of the authentication token at the IoT Haat during the Access Point Pairing mode leads the attacker to replay the Wi-Fi packets and forcefully turn off the access point after the authentication token has expired.
π@cveNotify
IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration. The lack of validation of the authentication token at the IoT Haat during the Access Point Pairing mode leads the attacker to replay the Wi-Fi packets and forcefully turn off the access point after the authentication token has expired.
π@cveNotify
GitHub
GitHub - Anonymous120386/Anonymous
Contribute to Anonymous120386/Anonymous development by creating an account on GitHub.
π¨ CVE-2024-46041
IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay.
π@cveNotify
IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay.
π@cveNotify
GitHub
GitHub - Anonymous120386/Anonymous
Contribute to Anonymous120386/Anonymous development by creating an account on GitHub.
π¨ CVE-2024-46278
Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console.
π@cveNotify
Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console.
π@cveNotify
GitHub
GitHub - ayato-shitomi/CVE-2024-46278-teedy_1.11_account-takeover: γTeedy 1.11γAccount Takeover via XSS
γTeedy 1.11γAccount Takeover via XSS. Contribute to ayato-shitomi/CVE-2024-46278-teedy_1.11_account-takeover development by creating an account on GitHub.
π¨ CVE-2024-7918
The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
π@cveNotify
The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
π@cveNotify
WPScan
Pocket Widget <= 0.1.3 - Admin+ Stored XSS
See details on Pocket Widget <= 0.1.3 - Admin+ Stored XSS CVE 2024-7918. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-45803
Wire UI is a library of components and resources to empower Laravel and Livewire application development. A potential Cross-Site Scripting (XSS) vulnerability has been identified in the `/wireui/button` endpoint, specifically through the `label` query parameter. Malicious actors could exploit this vulnerability by injecting JavaScript into the `label` parameter, leading to the execution of arbitrary code in the victim's browser. The `/wireui/button` endpoint dynamically renders button labels based on user-provided input via the `label` query parameter. Due to insufficient sanitization or escaping of this input, an attacker can inject malicious JavaScript. By crafting such a request, an attacker can inject arbitrary code that will be executed by the browser when the endpoint is accessed. If exploited, this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the affected website. This could lead to: **Session Hijacking**: Stealing session cookies, tokens, or other sensitive information. **User Impersonation**: Performing unauthorized actions on behalf of authenticated users. **Phishing**: Redirecting users to malicious websites. **Content Manipulation**: Altering the appearance or behavior of the affected page to mislead users or execute further attacks. The severity of this vulnerability depends on the context of where the affected component is used, but in all cases, it poses a significant risk to user security. This issue has been addressed in release versions 1.19.3 and 2.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
π@cveNotify
Wire UI is a library of components and resources to empower Laravel and Livewire application development. A potential Cross-Site Scripting (XSS) vulnerability has been identified in the `/wireui/button` endpoint, specifically through the `label` query parameter. Malicious actors could exploit this vulnerability by injecting JavaScript into the `label` parameter, leading to the execution of arbitrary code in the victim's browser. The `/wireui/button` endpoint dynamically renders button labels based on user-provided input via the `label` query parameter. Due to insufficient sanitization or escaping of this input, an attacker can inject malicious JavaScript. By crafting such a request, an attacker can inject arbitrary code that will be executed by the browser when the endpoint is accessed. If exploited, this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the affected website. This could lead to: **Session Hijacking**: Stealing session cookies, tokens, or other sensitive information. **User Impersonation**: Performing unauthorized actions on behalf of authenticated users. **Phishing**: Redirecting users to malicious websites. **Content Manipulation**: Altering the appearance or behavior of the affected page to mislead users or execute further attacks. The severity of this vulnerability depends on the context of where the affected component is used, but in all cases, it poses a significant risk to user security. This issue has been addressed in release versions 1.19.3 and 2.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
π@cveNotify
GitHub
Merge pull request #965 from wireui/fix-xss-on-1.0 Β· wireui/wireui@784c4f1
refactor button controller
π¨ CVE-2024-6845
The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key
π@cveNotify
The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key
π@cveNotify
WPScan
SmartSearchWP < 2.4.6 - Unauthenticated OpenAI Key Disclosure
See details on SmartSearchWP < 2.4.6 - Unauthenticated OpenAI Key Disclosure CVE 2024-6845. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-47123
The goTenna Pro series use AES CTR mode for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to any attacker that can access the message.
π@cveNotify
The goTenna Pro series use AES CTR mode for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to any attacker that can access the message.
π@cveNotify
π¨ CVE-2024-20343
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device.
This vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A successful exploit could allow the attacker access files in read-only mode on the Linux file system.
π@cveNotify
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device.
This vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A successful exploit could allow the attacker access files in read-only mode on the Linux file system.
π@cveNotify
Cisco
Cisco Security Advisory: Cisco IOS XR Software CLI Arbitrary File Read Vulnerability
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device.
This vulnerabilityβ¦
This vulnerabilityβ¦
π¨ CVE-2024-8889
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This equipment is at the end of its useful life cycle.
π@cveNotify
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This equipment is at the end of its useful life cycle.
π@cveNotify
www.incibe.es
Multiple vulnerabilities in CIRCUTOR products
INCIBE has coordinated the publication of 6 vulnerabilities: 3 of critical severity, 1 high and 2 medi
π¨ CVE-2024-8892
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This equipment is at the end of its useful life cycle.
π@cveNotify
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This equipment is at the end of its useful life cycle.
π@cveNotify
www.incibe.es
Multiple vulnerabilities in CIRCUTOR products
INCIBE has coordinated the publication of 6 vulnerabilities: 3 of critical severity, 1 high and 2 medi
π¨ CVE-2024-46997
DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, an attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. The vulnerability has been fixed in v2.10.1.
π@cveNotify
DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, an attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. The vulnerability has been fixed in v2.10.1.
π@cveNotify
GitHub
DataEase's H2 datasource has a remote command execution risk
### Impact
An attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string.
request message:
```
POST /de2api/datasource/validate HTTP/1.1 ...
An attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string.
request message:
```
POST /de2api/datasource/validate HTTP/1.1 ...
π¨ CVE-2024-8668
The ShopLentor β WooCommerce Builder for Elementor & Gutenberg +12 Modules β All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tooltip and countdown functionality in all versions up to, and including, 2.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
The ShopLentor β WooCommerce Builder for Elementor & Gutenberg +12 Modules β All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tooltip and countdown functionality in all versions up to, and including, 2.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
π¨ CVE-2024-7892
The adstxt Plugin WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
π@cveNotify
The adstxt Plugin WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
π@cveNotify
WPScan
adstxt Plugin <= 1.0.0 - Settings Update via CSRF
See details on adstxt Plugin <= 1.0.0 - Settings Update via CSRF CVE 2024-7892. View the latest Plugin Vulnerabilities on WPScan.