13693 matches found
CVE-2024-41348
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php...
CVE-2024-41347
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php...
PT-2024-29363
Name of the Vulnerable Software and Affected Versions: OpenFlights commit 5234b5b. Description: The issue is a Cross-Site Scripting (XSS) vulnerability found in the php/trip.php file. This allows for malicious scripts to be injected into the website, potentially leading to unauthorized access or...
PT-2024-29365
Name of the Vulnerable Software and Affected Versions: openflights commit 5234b5b. Description: The issue is related to Cross-Site Scripting (XSS) via the php/settings.php file. This allows for potential malicious script execution. No information is provided about the estimated number of affected...
CVE-2024-41350
bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor123/php/imageUp.php...
CVE-2024-41346
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php...
CVE-2024-41347
The CVE-2024-41347 entry concerns openflights with an XSS vulnerability in php/settings.php, identified in commit 5234b5b. The vulnerability is described as Cross-Site Scripting via php/settings.php, affecting the openflights project (commit 5234b5b). The available data indicate a Medium CVSS v3....
CVE-2024-41345
CVE-2024-41345 concerns the OpenFlights project. Multiple connected sources confirm that commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via the file php/trip.php. The CVE entry notes vulnerable behavior and provides no explicit details on affected versions beyond the commit reference...
CVE-2024-41346
OpenFlights, version 5234b5b, is affected by a Cross-Site Scripting (XSS) vulnerability exploitable via the php/submit.php endpoint. Root cause is an XSS issue in that endpoint, as reported across multiple sources (e.g., OpenFlights commit 5234b5b and Red Hat/NVD entries). The CVE details show ME...
CVE-2024-45059 Authenticated SQL Injection in i-Educar
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the ieducar/intranet/funcionariovinculodet.php file, which creates the query by...
kernel: netfilter: nf_tables: discard table flag update with pending basechain deletion
This CVE involves a flaw in the Linux kernel's nftables component, part of the Netfilter framework used for packet filtering and firewall functionalities. The vulnerability arises when a table's dormant flag is updated while there's a pending deletion of a base chain. In such cases, the...
GHSA-PP84-V3MW-GG4W Taipy 3.1.1 affected by CVEs on flask-core and pymongo
Summary: Indirect CVEs affect Taipy 3.1.1. Details: Taipy 3.1.1 is affected by two existing CVEs: CVE-2024-1681 affects flask-core =3.1.2 and on major releases: =4.0.0 Impact: pre-commit breaks when using dependency Taipy 3.1.1...
CVE-2024-44797
A cross-site scripting (XSS) vulnerability in the component /managers/enablerequests.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the view parameter...
CVE-2024-44795
A cross-site scripting (XSS) vulnerability in the component /login/disabled.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...
CVE-2024-44793
A cross-site scripting (XSS) vulnerability in the component /managers/multiplefreeleech.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the torrents parameter...
CVE-2024-43895
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-44795
Gazelle (commit 63b3370) contains a cross-site scripting (XSS) vulnerability in the /login/disabled.php component, allowing an attacker to inject script/HTML via the username parameter. Affected file/component is clearly identified, with exploitation described as arbitrary web script execution. M...