Lucene search
+L

463 matches found

Positive Technologies
Positive Technologies
added 2024/11/08 12:0 a.m.14 views

PT-2024-16419 · WordPress · Woocommerce Support Ticket System

Name of the Vulnerable Software and Affected Versions: WooCommerce Support Ticket System plugin for WordPress versions up to, and including, 17.7 Description: The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validati...

9.8CVSS8.3AI score0.00996EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2024/09/19 2:15 p.m.6 views

CVE-2024-7785

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting XSS. This issue affects Electronic Ticket System: before 2024.08...

9.3CVSS5.8AI score0.00414EPSS
Exploits0References3
NVD
NVD
added 2024/09/19 2:15 p.m.12 views

CVE-2024-7785

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting XSS. This issue affects Electronic Ticket System: before 2024.08...

9.3CVSS0.00414EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/19 1:30 p.m.11 views

CVE-2024-7785 Reflected XSS in Ece Software's Electronic Ticket System

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting XSS. This issue affects Electronic Ticket System: before 2024.08...

9.3CVSS5.8AI score0.00414EPSS
Exploits0References2
CVE
CVE
added 2024/09/19 1:30 p.m.41 views

CVE-2024-7785

CVE-2024-7785 affects Ece Software Electronic Ticket System. The issue is a Reflected XSS caused by improper input neutralization during web page generation, limiting impact to systems before 2024.08. The provided documents do not specify exploitation status, affected versions beyond the stated t...

9.3CVSS5.8AI score0.00414EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/19 1:30 p.m.21 views

CVE-2024-7785 Reflected XSS in Ece Software's Electronic Ticket System

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting XSS. This issue affects Electronic Ticket System: before 2024.08...

9.3CVSS0.00414EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/19 12:0 a.m.2 views

Ece Electronic Ticket System 跨站脚本漏洞

Ece Electronic Ticket System is an electronic ticket system from Ece Corporation. A cross-site scripting vulnerability exists in the Ece Electronic Ticket System that stems from improper input neutralization during web page generation...

9.3CVSS6.2AI score0.00414EPSS
Exploits0References2
OSV
OSV
added 2024/08/26 9:15 a.m.5 views

UBUNTU-CVE-2024-43443

Improper Neutralization of Input done by an attacker with admin privileges 'Cross-site Scripting' in Process Management modules of OTRS and OTRS Community Edition allows Cross-Site Scripting XSS within the Process Management targeting other admins. This issue affects: OTRS from 7.0.X through 7.0....

4.9CVSS5.8AI score0.00355EPSS
Exploits0References3
OSV
OSV
added 2024/08/26 9:15 a.m.4 views

UBUNTU-CVE-2024-43444

Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50 OTRS 8.0.X OTRS 2023.X...

8.2CVSS5.7AI score0.00376EPSS
Exploits0References3
OSV
OSV
added 2024/08/23 3:15 p.m.3 views

CVE-2024-42765

A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or "password" Login page parameters...

9.8CVSS6.1AI score0.00694EPSS
Exploits1References2
NVD
NVD
added 2024/08/23 3:15 p.m.14 views

CVE-2024-42766

Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorrect Access Control via /deleteTicket.php...

5.4CVSS0.00296EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/23 12:0 a.m.12 views

CVE-2024-42766

Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorrect Access Control via /deleteTicket.php...

6.9AI score0.00296EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/23 12:0 a.m.18 views

CVE-2024-42765

A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or "password" Login page parameters...

8.8AI score0.00694EPSS
Exploits1References2
CVE
CVE
added 2024/08/23 12:0 a.m.55 views

CVE-2024-42764

CVE-2024-42764 affects Kashipara Bus Ticket Reservation System v1.0. The public details show a CSRF vulnerability in /deleteTicket.php that allows forging requests without user interaction, aligning with a network-based attack vector. The CVE metrics describe low confidentiality impact but high i...

9.4CVSS7.3AI score0.00299EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/08/23 12:0 a.m.58 views

CVE-2024-42766

Kashipara Bus Ticket Reservation System v1.0.0 is reported vulnerable to Incorrect Access Control via the /deleteTicket.php endpoint, enabling unauthorized actions such as deleting bookings. The root cause is broken access control; the impact is access/modify/admin actions outside the intended pe...

5.4CVSS7.1AI score0.00296EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/08/22 9:15 p.m.5 views

CVE-2024-42761

A Stored Cross Site Scripting XSS vulnerability was found in "/adminschedule.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via scheduleDurationPHP parameter...

6.1CVSS6.1AI score0.00444EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/08/22 12:0 a.m.8 views

PT-2024-30132 · Unknown · Kashipara Bus Ticket Reservation System

Name of the Vulnerable Software and Affected Versions: Kashipara Bus Ticket Reservation System version 1.0 Description: A Stored Cross Site Scripting XSS issue was found in the "/history.php" endpoint, allowing remote attackers to execute arbitrary code via the Name, Phone, and Email parameter...

5.4CVSS6.8AI score0.00415EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/08/03 12:0 a.m.7 views

Ticket Reservation System SQL注入漏洞

Ticket Reservation System is itsourcecode open source ticket reservation system. Ticket Reservation System version 1.0 has a SQL injection vulnerability, the vulnerability stems from the prefSeatid parameter of the listtickets.php file contains a SQL injection vulnerability...

7.2CVSS5.8AI score0.00613EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2024/06/08 3:4 a.m.7 views

SUSE CVE-2024-23793

The file upload feature in OTRS and OTRS Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl...

6.3CVSS7AI score0.00776EPSS
Exploits0References3
OSV
OSV
added 2024/06/06 7:15 p.m.5 views

UBUNTU-CVE-2024-23793

The file upload feature in OTRS and OTRS Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl...

6.3CVSS6AI score0.00776EPSS
Exploits0References3
Rows per page
Query Builder