6692 matches found
CVE-2024-51065
Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in admin/index.php via the username parameter...
Grafana org admin can delete pending invites in different org
Organization admins can delete pending invites created in an organization they are not part of...
GHSA-66C4-2G2V-54QW Grafana org admin can delete pending invites in different org
Organization admins can delete pending invites created in an organization they are not part of...
WordPress WP Abstracts Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)
Software: WP Abstracts; Type: Plugin; Vulnerable versions: <= 2.7.1; Fixed in: 2.7.2; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-50411; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 6551529121f6; Credits: UKO; Required privilege: Administrato...
Exploit for Cross-site Scripting in Netgate Pfsense
This post is a research article published by EQSTLab (https://g...)
CVE-2024-48570
Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php...
PT-2024-33187 · Unknown · Collabtive
Name of the Vulnerable Software and Affected Versions: Collabtive version 3.1. Description: The issue concerns Cross-site scripting (XSS) via the name parameter. This occurs under specific conditions: (a) when action equals add or action equals edit within the managemilestone.php file, and (b) when acti...
CVE-2024-46238
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /admin/add-doctor.php and /admin/edit-doctor.php...
K000141080: BIG-IQ vulnerability CVE-2024-47139
Security Advisory Description: A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ user interface that allows an attacker with the Administrator role to run JavaScript in the context of the currently logged-in user. (CVE-2024-47139) Impact: An authenticated...
CVE-2024-48622
A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter...
CVE-2024-48283
Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection in /admin//search-result.php via the searchkey parameter...
CVE-2024-45733
In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration...
CVE-2024-47812 Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump
ImportDump is an extension for MediaWiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This...
CVE-2024-5968 Photo Gallery by 10Web <= 1.8.27 - Admin+ Stored XSS
The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users (such as admin) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...
Hikvision IP Camera Cross Site Request Forgery
Title: Hikvision IP Camera CSRF Add Admin Vulnerability | Author: indoushka | Tested on: Windows 10 FrPro / browser: Mozilla Firefox 130.0.2 64...
CVE-2024-45932
Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2...
Printing Business Records Management System 1.0 Cross Site Request Forgery
Title: Printing Business Records Management System v1.0 CSRF Add Admin Vulnerability | Author: indoushka | Tested on: Windows 10 FrPro / browser:...
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name
Summary: The application fails to sanitise inputs properly and renders user-supplied input to the browser, which allows an attacker to execute malicious JavaScript code. Details: A user with the Admin role can create Device Groups; the application does not properly sanitize the user input in the Devic...
CVE-2024-47524
Summary of CVE-2024-47524 (LibreNMS): The vulnerability affects LibreNMS, where an Admin can create a Device Group and the input is not properly sanitized in the Device Group name. As a result, viewing the Device Group detail can trigger injected JavaScript, i.e., a stored XSS vulnerability. This...