CVE-2024-25036
IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields...
CVE-2024-25036
The CVE-2024-25036 entry concerns IBM Cognos Controller versions 11.0.0 and 11.0.1. Affected component/process: input field restrictions. Root cause: authenticated user with local access could bypass security to circumvent input-field restrictions. Impact: authenticated, local attackers may bypas...
CVE-2024-25036 IBM Cognos Controller authentication bypass
IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields...
CVE-2024-10857
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handledownloads function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with...
WordPress plugin Product Input Fields for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
WordPress Product Input Fields for WooCommerce plugin <= 1.9 - Authenticated (Contributor+) Arbitrary File Read vulnerability
Authenticated Contributor+ Arbitrary File Read vulnerability discovered by 1337Wannabe in WordPress Plugin Product Input Fields for WooCommerce versions <= 1.9...
WordPress Product Input Fields for WooCommerce Plugin <= 1.9 is vulnerable to Path Traversal
Software: Product Input Fields for WooCommerce. Type: Plugin. Vulnerable versions: <= 1.9. Fixed in: 2.0. OWASP Top 10: A3: Injection. Classification: Path Traversal. CVE: CVE-2024-10857. Patch priority: Medium. CVSS severity: Medium (6.5). PSID: 1aed7531d6f7. Credits: 1337Wannabe. Required...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the improper filtering of file contents used in generating reports from the general-template.md template. An attacker can execute arbitrary commands on the host by injecting malicious scripts into the inp...
CVE-2024-31973
Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via the 'Network Name (SSID)' input fields to the /index.htmlwirelessbasic page...
PT-2024-31651 · Unknown · Manu225 Flipping Cards
Name of the Vulnerable Software and Affected Versions: Manu225 Flipping Cards versions n/a through 1.30 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: Fo...
CVE-2024-31416
The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a bad actor may result...
CVE-2024-31416
The CVE-2024-31416 entry concerns Eaton Foreseer. The vulnerability arises from input fields in the software that allow configuration (e.g., alarms, reports) where length/bounds checks are missing. Root cause: insufficient validation of user-entered values in configurable fields, which can lead t...
CVE-2024-44728
Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full Name, Address, Email, and contact in /clientdetails/admin/regester.php...
PT-2024-31211 · Tpmecms · Tpmecms
Name of the Vulnerable Software and Affected Versions: TpMeCMS version 1.3.3.2 Description: The issue is related to Cross Site Scripting (XSS) in the /h.php/page?ref=addtabs endpoint, specifically via the Title, Images, and Content fields. This allows for potential malicious script injection...
PT-2024-30132 · Unknown · Kashipara Bus Ticket Reservation System
Name of the Vulnerable Software and Affected Versions: Kashipara Bus Ticket Reservation System version 1.0 Description: A Stored Cross Site Scripting (XSS) issue was found in the "/history.php" endpoint, allowing remote attackers to execute arbitrary code via the Name, Phone, and Email parameter...
CVE-2024-40324
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation...
eSkooly Security Vulnerabilities
eSkooly is a free online school management software from eSkooly, Inc. A security vulnerability exists in eSkooly 3.0 and prior versions that stems from a cross-site scripting vulnerability that allows remote attackers to execute arbitrary code via message sending and user input fields...