PT-2024-36163 · Themeum · Wp Mega Menu
Name of the Vulnerable Software and Affected Versions: WP Mega Menu versions 1.4.2 and earlier Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection in Themeum WP Mega Menu. Recommendations: For WP Mega Menu versions 1.4.2 and earlier, update to a...
PT-2024-36192 · Unknown · Gou Manage My Account Menu
Name of the Vulnerable Software and Affected Versions: Gou Manage My Account Menu versions 1.0.1.8 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by Access Control Lists (ACLs). This means that...
CVE-2024-36498
Due to missing input sanitization, an attacker can perform cross-site scripting attacks and run arbitrary JavaScript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function...
CVE-2024-36498
Image Access Scan2Net (Image Access Germany) is affected by a stored XSS vulnerability in the configuration menu’s Edit Disclaimer Text function due to missing input sanitization. The stored JavaScript payload executes in users’ browsers (including kiosk mode) when the ScanWizard loads. A fix was...
CVE-2024-47947 Stored cross site scripting
Due to missing input sanitization, an attacker can perform cross-site scripting attacks and run arbitrary JavaScript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function...
CVE-2024-28142 Stored cross site scripting
Due to missing input sanitization, an attacker can perform cross-site scripting attacks and run arbitrary JavaScript in the browser of other users. The "File Name" page /cgi/uset.cgi?-cfilename in the User Settings menu improperly filters the "file name" and wildcard character input field. By...
PT-2024-32909 · Unknown · Scanwizard
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue is related to missing input sanitization, allowing an attacker to perform cross-site scripting attacks and run arbitrary JavaScript in the browser of other users. The "Edit...
WordPress Advance Menu Manager plugin <= 3.1.1 - Settings Change vulnerability
Settings Change vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin Advance Menu Manager versions <= 3.1.1...
WordPress Gou Manage My Account Menu plugin <= 1.0.1.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika (Patchstack Alliance) in WordPress Plugin Gou Manage My Account Menu versions <= 1.0.1.8...
WordPress WP Mega Menu plugin <= 1.4.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Mika (Patchstack Alliance) in WordPress Plugin WP Mega Menu versions <= 1.4.2...
CVE-2024-12353
A vulnerability, which was classified as problematic, has been found in SourceCodester Phone Contact Manager System 1.0. This issue affects the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation of the argument name leads to improper input validation. Attacking...
CVE-2024-12354 SourceCodester Phone Contact Manager System User Menu MenuDisplayStart buffer overflow
A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Affected is the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation leads to buffer overflow. It is possible to launch the attack on the local host. T...
CVE-2024-12353 SourceCodester Phone Contact Manager System User Menu MenuDisplayStart input validation
A vulnerability, which was classified as problematic, has been found in SourceCodester Phone Contact Manager System 1.0. This issue affects the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation of the argument name leads to improper input validation. Attacking...
SourceCodester Phone Contact Manager System security vulnerability
SourceCodester Phone Contact Manager System is an open source phone contact management system from SourceCodester. A security vulnerability exists in SourceCodester Phone Contact Manager System version 1.0, which is caused by a buffer overflow issue in the UserInterface::MenuDisplayStart function...
PT-2024-17562 · Sourcecodester · Sourcecodester Phone Contact Manager System
Name of the Vulnerable Software and Affected Versions: SourceCodester Phone Contact Manager System version 1.0 Description: The issue is related to insufficient input validation, which can allow an attacker to execute arbitrary code. It affects the function UserInterface::MenuDisplayStart of the...
PT-2024-17563 · Sourcecodester · Sourcecodester Phone Contact Manager System
Name of the Vulnerable Software and Affected Versions: SourceCodester Phone Contact Manager System version 1.0 Description: The issue is related to a buffer overflow in memory. It is possible to launch the attack on the local host. The manipulation of the UserInterface::MenuDisplayStart function ...
CVE-2024-7894
The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin's license key due to a missing capability check on the 'actions' function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to delete or modify the license...
CVE-2024-7894 If Menu <= 0.19.1 - Missing Authorization to License Key Update
The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin's license key due to a missing capability check on the 'actions' function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to delete or modify the license...