CVE-2024-21731
Improper handling of input could lead to an XSS vector in the StringHelper::truncate method...
CVE-2024-21730
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector...
CVE-2024-26278
The Custom Fields component does not correctly filter inputs, leading to an XSS vector...
CVE-2024-21730
CVE-2024-21730 describes a self-XSS in Joomla! core tied to the fancyselect list field layout, where inputs are not properly escaped. The vulnerability enables a self-XSS vector and requires user interaction for exploitation (per CVSS: UI:R, I:L, C:L). Reports consistently identify this as part o...
CVE-2024-26278 [20240705] - Core - XSS in com_fields default field value
The Custom Fields component does not correctly filter inputs, leading to an XSS vector...
CVE-2024-26278
CVE-2024-26278 impacts Joomla! (Custom Fields component) where inputs are not properly filtered, enabling a cross-site scripting (XSS) vector via com_fields default field values. This is corroborated by multiple sources (NVD/NVD-linked data, Red Hat advisory, OSV, CVE listings, and Nessus/NASL su...
CVE-2024-21731 [20240703] - Core - XSS in StringHelper::truncate method
Improper handling of input could lead to an XSS vector in the StringHelper::truncate method...
CVE-2024-21731
CVE-2024-21731 concerns Joomla core: StringHelper::truncate allows improper input handling that can enable an XSS vector. Multiple connected sources (NVD, OSV, Red Hat, JOOMLA advisories) confirm the issue as a core XSS vulnerability affecting Joomla versions exposed in the references. The root c...
CVE-2024-5648
The LearnDash LMS – Reports plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions, i.e. wrldsetconfiguration, wrldexcludesettingssave, applytimetrackingsettings, wpajaxwrldgutenbergblockvisit, etc., in all versions up to, and...
git: additional local RCE
A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution...
Personal Management System security breach
Personal Management System is a web application for managing personal data by Dariusz Personal Developer. A security vulnerability exists in Personal Management System version 1.4.64, which stems from susceptibility to a stored cross-site scripting XSS attack that allows an attacker to upload an...
PT-2024-22858 · Unknown · Volmarg Personal Management System
Name of the Vulnerable Software and Affected Versions: Volmarg Personal Management System version 1.4.64 Description: The issue concerns stored cross site scripting XSS via the upload of an SVG file that contains embedded JavaScript code. This allows for the potential execution of malicious scrip...
DoS (Denial of Service) org.apache.commons:commons-compress Dependency in Confluence Data Center and Server
This High severity org.apache.commons:commons-compress Dependency vulnerability was introduced in versions 7.19.23, 8.5.10, 8.9.2 of Confluence Data Center and Server. This org.apache.commons:commons-compress Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to insecure cryptographic algorithm and information disclosure due to DB2 JDBC Driver (CVE-2023-47152)
Summary DB2 JDBC driver is shipped with IBM Tivoli Netcool Impact as part of the db2 data source adapter. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-47152 DESCRIPTION: IBM Db2 for Linux, UNIX...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to information disclosure due to Apache Camel (CVE-2024-22371)
Summary Apache Camel is shipped with IBM Tivoli Netcool Impact as part of the data provider interface in the GUI server. Information about a security vulnerability affecting Apache ActiveMQ has been published in a security bulletin. Vulnerability Details CVEID:CVE-2024-22371 DESCRIPTION: Apache...
The vulnerability of the Collection Preview component of the edu-sharing e-learning platform management system allows a perpetrator to execute arbitrary code or trigger a service failure.
The vulnerability of the Collection Preview component in the edu-sharing e-learning platform management system involves unlimited downloading of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code using a specially created HTML file, or to...
WordPress Elementor Website Builder plugin <= 3.22.1 - Arbitrary SVG File Download vulnerability
Arbitrary SVG File Download vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin Elementor Website Builder versions <= 3.22.1...