5 matches found
CVE-2024-37472
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WofficeIO Woffice woffice.This issue affects Woffice: from n/a through = 5.4.8...
CVE-2024-43234
Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice allows Authentication Bypass.This issue affects Woffice: from n/a through 5.4.14...
CVE-2024-37471
CVE-2024-37471 is a reflected XSS vulnerability in Woffice Core (WordPress plugin) affecting Woffice Core versions up to 5.4.8. The CVE entry, including references, notes the issue as Reflected XSS and indicates it has been patched. In practice, exploited input could affect users visiting a craft...
CVE-2024-37472 WordPress Woffice theme <= 5.4.8 - Reflected Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability in WofficeIO Woffice allows Reflected XSS.This issue affects Woffice: from n/a through 5.4.8...
CVE-2024-37472
CVE-2024-37472 is a reflected XSS in Woffice Core / Woffice CRM affecting Woffice versions up to 5.4.8. The issue allows injection of script in victims’ browsers and requires user interaction. Patch availability: latest fixed version stated as 5.4.8; CVSS base score and details vary by source.