Skip to main content
CVE-2024-6957 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode University Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP University Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-6958 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode University Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload University Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-6956 MEDIUM POC This Month

A vulnerability was found in itsourcecode University Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP University Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-6955 MEDIUM POC This Month

A vulnerability was found in SourceCodester Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6954 MEDIUM POC This Month

A vulnerability was found in SourceCodester Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6953 MEDIUM POC This Month

A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6952 MEDIUM POC This Month

A vulnerability has been found in itsourcecode University Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP University Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6951 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Online Book Store System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6942 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Thinksaas
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6941 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Thinksaas
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6939 MEDIUM POC This Month

A vulnerability was found in Xinhu RockOA 2.6.3 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rockoa
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6938 MEDIUM POC This Month

A vulnerability has been found in SiYuan 3.1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Siyuan
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6940 MEDIUM POC This Month

A vulnerability was found in DedeCMS 5.7.114. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Dedecms
NVD VulDB
CVSS 4.0
5.1
EPSS
0.7%
CVE-2024-37519 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Blocks - Gutenberg Blocks for WordPress premium-blocks-for-gutenberg.1.27. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-37495 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mischiefmarmot Create by Mediavine mediavine-create.9.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-37488 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HelloAsso HelloAsso helloasso.1.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-37492 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gutenberg Team Gutenberg allows Stored XSS.6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-38434 MEDIUM This Month

Unitronics Vision PLC - CWE-676: Use of Potentially Dangerous Function may allow security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-38781 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArtistScope CopySafe Web Protection allows Reflected XSS.15. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Copysafe Web Protection
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37485 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vinny Alves (UseStrict Consulting) bbPress Notify allows Reflected XSS.18.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bbpress Notify
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37461 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson IdeaPush allows Stored XSS.65. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ideapush
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37459 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PayPlus LTD PayPlus Payment Gateway allows Reflected XSS.6.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Payplus Payment Gateway
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-38436 MEDIUM This Month

Commugen SOX 365 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sox 365
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37509 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Maksekeskus AS MakeCommerce for WooCommerce allows Reflected XSS.5.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Makecommerce For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37487 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpdirectorykit.Com WP Directory Kit allows Reflected XSS.3.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Directory Kit
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37559 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Echenley Counterpoint allows Reflected XSS.8.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Counterpoint
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37449 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution revslider.7.13. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-6961 MEDIUM PATCH MAL This Month

RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-37515 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Optemiz XPlainer - WooCommerce Product FAQ allows Reflected XSS.6.3. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2024-37457 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks - Gutenberg Blocks Plugin allows Stored XSS.1.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ultimate Blocks
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-38782 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MapsMarker.Com e.U. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Leaflet Maps Marker
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37480 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Apollo13Themes Apollo13 Framework Extensions apollo13-framework-extensions allows Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apollo13 Framework Extensions
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37466 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kraftplugins Mega Elements.2.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mega Elements
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37465 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Senol Sahin GPT3 AI Content Writer allows Stored XSS.8.66. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Aipower
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37460 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SuperSaaS SuperSaaS - online appointment scheduling allows Stored XSS.1.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Supersaas
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-38786 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BurgerThemes CoziPress allows Stored XSS.0.30. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cozipress
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-38785 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS.9.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gutenverse
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37521 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in zwwooooo zBench allows Stored XSS.4.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zbench
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37514 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArtistScope CopySafe Web Protection allows Stored XSS.14. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Copysafe Web Protection
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37512 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms - Ultimate Form Builder allows Stored XSS.5.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nex Forms
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37507 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.3.57. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Eventin
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37500 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS.8.2.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Beaver Builder
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37489 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OceanWP Ocean Extra allows Stored XSS.2.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ocean Extra
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37552 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Inisev Social Media & Share Icons allows Stored XSS.9.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Social Media Share Buttons Social Sharing Icons
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37551 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Perials Simple Social Share allows Stored XSS.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simple Social Share
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37548 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Meks Meks Easy Ads Widget allows Stored XSS.0.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Meks Easy Ads Widget
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37545 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nick Halsey Floating Social Media Links allows Stored XSS.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Floating Social Media Links
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37538 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thomas Kuhlmann Link To Bible allows Stored XSS.5.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Link To Bible
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37537 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UusWeb.Ee WS Contact Form allows Stored XSS.3.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ws Contact Form
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37536 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Web357 Easy Custom Code (LESS/CSS/JS) - Live editing allows Stored XSS.0.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Easy Custom Code
NVD
CVSS 3.1
5.4
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy