Skip to main content
CVE-2024-32344 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cmsimple
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-30988 MEDIUM POC This Month

Cross Site Scripting vulnerability in /search-invoices.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Client Management System
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2024-30987 MEDIUM POC This Month

Cross Site Scripting vulnerability in /bwdates-reports-ds.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Client Management System
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2024-32290 MEDIUM POC This Month

Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
6.7
EPSS
0.7%
CVE-2024-30986 MEDIUM POC This Month

Cross Site Scripting vulnerability in /edit-services-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and via "price" and "sname". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Client Management System
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-32316 MEDIUM POC This Month

Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability in the fromDhcpListClient function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac500 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-32311 MEDIUM POC This Month

Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1203 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-32287 MEDIUM POC This Month

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-32313 MEDIUM POC This Month

Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the adslPwd parameter of the formWanParameterSetting function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1205 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-32163 MEDIUM POC This Month

CMSeasy 7.7.7.9 is vulnerable to code execution. Rated medium severity (CVSS 6.4). Public exploit code available and no vendor patch available.

RCE Path Traversal Cmseasy
NVD GitHub
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-32288 MEDIUM POC This Month

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypemanFilter function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-32472 MEDIUM POC PATCH This Month

excalidraw is an open source virtual hand-drawn style whiteboard. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-32343 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Boidcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-32342 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Boidcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-32339 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wondercms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-32337 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wondercms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-30953 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Htmly
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-30951 MEDIUM POC This Month

FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Fudforum
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-3847 MEDIUM POC This Month

Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Chrome Fedora
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-3841 MEDIUM POC This Month

Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Chrome Fedora
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-32745 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wondercms
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-32320 MEDIUM POC This Month

Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the timeZone parameter in the formSetTimeZone function. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac500 Firmware
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-30979 MEDIUM POC This Month

Cross Site Scripting vulnerability in Cyber Cafe Management System 1.0 allows a remote attacker to execute arbitrary code via the compname parameter in edit-computer-details.php. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Cyber Cafe Management System
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-2118 MEDIUM POC This Month

The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Social Media Share Buttons Social Sharing Icons
NVD WPScan
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-32306 MEDIUM POC This Month

Tenda AC10U v1.0 Firmware v15.03.06.49 has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac10U Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2024-32312 MEDIUM POC This Month

Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the adslPwd parameter of the formWanParameterSetting function. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2024-2101 MEDIUM POC This Month

The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Salon Booking System
NVD WPScan
CVSS 3.1
5.7
EPSS
0.6%
CVE-2024-32743 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wondercms
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-32341 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wondercms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-32338 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wondercms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-30989 MEDIUM POC This Month

Cross Site Scripting vulnerability in /edit-client-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code via the "cname", "comname",. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Client Management System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-1219 MEDIUM POC This Month

The Easy Social Feed WordPress plugin before 6.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Social Feed
NVD WPScan
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-0868 MEDIUM POC This Month

The coreActivity: Activity Logging plugin for WordPress plugin before 2.1 retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Coreactivity
NVD WPScan
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-2309 MEDIUM POC This Month

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape some of its settings, which could allow high privilege. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Staging
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-2102 MEDIUM POC This Month

The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field and 'sms_prefix' parameter when booking an appointment, allowing customers to. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Salon Booking System
NVD WPScan
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-32746 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU parameter. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wondercms
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%
CVE-2024-32744 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wondercms
NVD GitHub
CVSS 3.1
4.6
EPSS
0.4%
CVE-2024-32162 MEDIUM POC This Month

CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cmseasy
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-3846 MEDIUM POC This Month

Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2024-3845 MEDIUM POC This Month

Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2024-3844 MEDIUM POC This Month

Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-3843 MEDIUM POC This Month

Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-36505 MEDIUM This Month

Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.6.24. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ninja Forms
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-22440 MEDIUM This Month

A potential security vulnerability has been identified in HPE Compute Scale-up Server 3200 server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-26828 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Integer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2024-32457 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The CSSIgniter Team Elements Plus!. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-32526 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Flector Easy Textillate allows Stored XSS.02. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-32539 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomUnited WP File Download Light allows Stored XSS.3.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-32508 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dethemekit For Elementor Elementor
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-32456 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo Extra allows Stored XSS.8.11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Envo Extra
NVD
CVSS 3.1
6.5
EPSS
0.2%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy