Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 12:54 a.m.9 views

CVE-2024-37472

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WofficeIO Woffice woffice.This issue affects Woffice: from n/a through = 5.4.8...

7.1CVSS5.9AI score0.00333EPSS
Exploits0References1
OSV
OSV
added 2024/12/16 4:15 p.m.4 views

CVE-2024-43234

Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice allows Authentication Bypass.This issue affects Woffice: from n/a through 5.4.14...

9.8CVSS5.8AI score0.00647EPSS
Exploits0References1
CVE
CVE
added 2024/07/04 6:57 p.m.64 views

CVE-2024-37471

CVE-2024-37471 is a reflected XSS vulnerability in Woffice Core (WordPress plugin) affecting Woffice Core versions up to 5.4.8. The CVE entry, including references, notes the issue as Reflected XSS and indicates it has been patched. In practice, exploited input could affect users visiting a craft...

7.1CVSS6.3AI score0.00288EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/04 6:48 p.m.17 views

CVE-2024-37472 WordPress Woffice theme <= 5.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability in WofficeIO Woffice allows Reflected XSS.This issue affects Woffice: from n/a through 5.4.8...

7.1CVSS6AI score0.00333EPSS
Exploits0References1
CVE
CVE
added 2024/07/04 6:48 p.m.75 views

CVE-2024-37472

CVE-2024-37472 is a reflected XSS in Woffice Core / Woffice CRM affecting Woffice versions up to 5.4.8. The issue allows injection of script in victims’ browsers and requires user interaction. Patch availability: latest fixed version stated as 5.4.8; CVSS base score and details vary by source.

7.1CVSS5.9AI score0.00333EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder