Skip to main content
CVE-2024-22297 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeboxr CBX Map for Google Map & OpenStreetMap allows Stored XSS.1.11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Google Cbx Map
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-22292 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Delower WP To Do allows Stored XSS.2.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp To Do
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-22310 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Formzu Inc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Formzu Wp
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-23505 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive PDF Viewer & 3D PDF Flipbook - DearPDF allows Stored XSS.0.38. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dearpdf
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-1111 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Login System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Qr Code Login System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-0914 MEDIUM PATCH This Month

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Opencryptoki Enterprise Linux
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-22153 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood & Alexandre Faustino Stock Locations for WooCommerce allows Stored XSS.5.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Stock Locations For Woocommerce
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-22161 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harmonic Design HD Quiz allows Stored XSS.8.11. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Hd Quiz
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-22306 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hometory Mang Board WP allows Stored XSS.7.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mang Board
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-22295 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery allows Stored XSS.2.17. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Robo Gallery
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-22236 MEDIUM PATCH This Month

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Java Google Spring Cloud Contract
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-22285 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Elise Bosse Frontpage Manager.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Frontpage Manager
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-22304 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Borbis Media FreshMail For WordPress.3.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Freshmail For Wordpress
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-22143 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check.17. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wpspellcheck
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-0589 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Remote Desktop Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-23637 MEDIUM PATCH This Month

OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Octoprint
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-22291 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Browser Theme Color.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Browser Theme Color
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-22136 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Elementor Addons - Widgets, Blocks, Templates Library For Elementor Builder.1.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Droit Elementor Addons Elementor
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0836 MEDIUM PATCH This Month

The WordPress Review & Structure Data Schema Plugin - Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit(). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Review Schema
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy