2429 matches found
CVE-2024-4823 Cross-site Scripting in School ERP Pro+Responsive by AROX SOLUTION
Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index '/schoolerp/office_admin/' in the parameters es_bankacc, es_bank_name, es_bank_pin, es_checkno, es_teller_number, dc1 and dc2. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially...
CVE-2024-4823
CVE-2024-4823 affects School ERP Pro+Responsive 1.0. The XSS flaw occurs in the index path /schoolerp/office_admin/ via parameters es_bankacc, es_bank_name, es_bank_pin, es_checkno, es_teller_number, dc1, and dc2. An authenticated user can receive a crafted JavaScript payload, enabling partial br...
CVE-2024-4822 Cross-site Scripting in School ERP Pro+Responsive by AROX SOLUTION
Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in '/index.php'. This vulnerability allows an attacker to partially take control of the victim's browser session...
PT-2024-33031 · Unknown · School Erp Pro+Responsive
Name of the Vulnerable Software and Affected Versions: School ERP Pro+Responsive version 1.0 Description: The issue allows an attacker to partially take control of the victim's browser session through a cross-site scripting XSS attack. This is achieved by exploiting the username and password...
CVE-2024-4591 DedeCMS sys_group_add.php cross-site request forgery
A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/sys_group_add.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may b...
CVE-2024-4588
A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /src/dede/mytag_add.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...
CVE-2024-4587
A vulnerability was found in DedeCMS 5.7 and classified as problematic. This issue affects some unknown processing of the file /src/dede/tpl.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be use...
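The three DedeCMS entries above share one root cause: an admin-side script performs a state change (adding a system group, adding a custom tag, editing a template) for any request that carries the administrator's session cookie, so a page the admin merely visits can submit the form for them. The following is an added example of the missing control, written for this listing and not taken from DedeCMS; the handler, field and host names are hypothetical, and the session is passed as an array so the script runs from the command line without a web server.

```php
<?php
// Added example (not DedeCMS code) of the control the three DedeCMS entries above
// say is missing: a per-session anti-CSRF token checked before any admin action.
// Handler, field and host names are hypothetical.

/** Issue one token per session and embed it in every state-changing admin form. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

/** True only if the POSTed token matches the session's and, when the browser sent
 *  an Origin (or Referer), its host is our own. hash_equals() is constant-time. */
function csrf_ok(array &$session, array $post, array $server, string $own_host): bool
{
    $sent = $post['csrf'] ?? null;
    if (!is_string($sent) || !hash_equals(csrf_token($session), $sent)) {
        return false;
    }
    $origin = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? null;
    if ($origin !== null && parse_url($origin, PHP_URL_HOST) !== $own_host) {
        return false;
    }
    return true;
}

/** Vulnerable shape: the action runs for any request that carries the admin's session
 *  cookie, which an attacker's page can trigger with a hidden auto-submitting form. */
function add_group_vulnerable(array $post, array &$groups): void
{
    $groups[] = (string) ($post['group_name'] ?? '');
}

/** Hardened shape: the same action, gated on the token. */
function add_group_hardened(array &$session, array $post, array $server, array &$groups): bool
{
    if (!csrf_ok($session, $post, $server, 'admin.example.test')) {
        return false;                       // a real handler would answer 403 here
    }
    add_group_vulnerable($post, $groups);
    return true;
}

// Constructed requests: the forged one has the cookie (session) but no token.
$session = [];
$groups  = [];
$token   = csrf_token($session);            // rendered as <input type="hidden" name="csrf" ...>

$forged  = ['group_name' => 'backdoor'];
$genuine = ['group_name' => 'editors', 'csrf' => $token];

var_dump(add_group_hardened($session, $forged, ['HTTP_ORIGIN' => 'https://evil.example'], $groups));
var_dump(add_group_hardened($session, $genuine, ['HTTP_ORIGIN' => 'https://admin.example.test'], $groups));
print_r($groups);
```

The token check does the work; the Origin/Referer comparison is a second layer that only applies when the browser sends one of those headers, and it compares the parsed host rather than a string prefix so that a host such as admin.example.test.evil.example does not pass.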
CVE-2024-4584
CVE-2024-4584 affects Faraday GM8181 and GM828x up to 20240429. The vulnerability concerns an unknown function in the /command_port.ini file that enables information disclosure and can be exploited remotely; multiple sources confirm the issue and public exploit disclosure, with vendor contact not...
CVE-2024-4510
Ruijie RG-UAC up to 20240428 is affected by an OS command injection in the file /view/networkConfig/ArpTable/arp_add_commit.php, triggered by manipulating the text_ip_addr/text_mac_addr arguments. Exploitation can occur remotely and has been disclosed publicly. Effective root cause: improper hand...
CVE-2024-4502
Ruijie RG-UAC (up to 20240428) contains an OS command injection in the file /view/dhcp/dhcpClient/dhcp_client_commit.php via manipulation of the ifName argument. This affects the product's DHCP client handling and can be triggered remotely. The exploit has been publicly disclosed. The precise af...
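The two Ruijie RG-UAC entries describe the same bug class in two PHP handlers: a form argument (an IP address, a MAC address, an interface name) is built into a shell command line, so a value containing `;` or `$(...)` adds a second command. The script below is an added illustration written for this listing, not Ruijie's code; the function names and the `arp -s` command are hypothetical, and only the argument names come from the entries. It only builds the command strings, so it can be run anywhere without executing anything.

```php
<?php
// Added illustration (hypothetical code, not Ruijie's) of the bug class in the two
// RG-UAC entries above: a form argument such as an IP, MAC or interface name is
// interpolated into a shell command line.

/** Vulnerable shape: "10.0.0.1; id" turns "arp -s 10.0.0.1; id <mac>" into two commands. */
function arp_command_vulnerable(string $ip, string $mac): string
{
    return "arp -s $ip $mac";               // would be passed to shell_exec()
}

/** Hardened shape: validate each argument against its expected grammar, then quote it.
 *  Validation does the real work; escapeshellarg() is the second layer. */
function arp_command_hardened(string $ip, string $mac): string
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('invalid IP address');
    }
    if (!preg_match('/^[0-9a-f]{2}(:[0-9a-f]{2}){5}$/i', $mac)) {
        throw new InvalidArgumentException('invalid MAC address');
    }
    return 'arp -s ' . escapeshellarg($ip) . ' ' . escapeshellarg($mac);
}

/** Interface names (the dhcp_client_commit.php ifName case): allowlist the character
 *  set rather than trying to strip metacharacters. */
function valid_ifname(string $ifName): bool
{
    return (bool) preg_match('/^[A-Za-z][A-Za-z0-9._-]{0,14}$/', $ifName);
}

// Constructed inputs. Nothing is executed here: the functions only build the command
// string so the difference is visible without running a shell.
$mac = '00:11:22:33:44:55';
foreach (['10.0.0.1', '10.0.0.1; id', '$(cat /etc/passwd)'] as $ip) {
    echo "vulnerable : ", arp_command_vulnerable($ip, $mac), "\n";
    try {
        echo "hardened   : ", arp_command_hardened($ip, $mac), "\n";
    } catch (InvalidArgumentException $e) {
        echo "hardened   : rejected (", $e->getMessage(), ")\n";
    }
}
foreach (['eth0', 'eth0;reboot', 'br-lan'] as $name) {
    printf("ifName %-12s %s\n", $name, valid_ifname($name) ? 'accepted' : 'rejected');
}
```

Quoting alone is not enough when the argument later reaches a second interpreter (a config file parsed by another daemon, for instance), which is why the hardened path rejects anything outside the expected grammar before quoting it.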
CVE-2024-4491
CVE-2024-4491 affects Tenda i21 1.0.0.14(4656). The vulnerability is in the function formGetDiagnoseInfo, where improper validation of the cmdinput parameter leads to a stack-based buffer overflow. It can be triggered remotely, and the exploit has been publicly disclosed. Reported impacts include...
CVE-2023-25457 WordPress Slider Carousel – Responsive Image Slider plugin <=1.5.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Richteam Slider Carousel – Responsive Image Slider. This issue affects Slider Carousel – Responsive Image Slider: from n/a through 1.5.1...
CVE-2024-3637 Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Admin+ Stored XSS
The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
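The CVE-2024-3637 wording points at a WordPress-specific expectation: an administrator does not always hold `unfiltered_html` (it is withheld from non-super-admins on multisite and wherever `DISALLOW_UNFILTERED_HTML` is set), and when it is withheld no user may store script, so a plugin must sanitise its settings on save and escape them on output rather than trust the saving user's role. The fragment below is an added example of that pattern written for this listing; it is not the plugin's code, and the option names, setting group and `rcfb_` prefix are hypothetical. It uses only core WordPress functions and is meant to be loaded inside a WordPress install.

```php
<?php
// Added illustration (not the plugin's code; option and setting names are hypothetical)
// of the control missing in the CVE-2024-3637 entry above: settings stored raw and
// echoed raw mean a stored payload fires for everyone who views the page.

// Vulnerable shape: raw option in, raw option out.
function rcfb_render_title_vulnerable(): void
{
    $title = get_option('rcfb_form_title', '');
    echo '<h2>' . $title . '</h2>';          // <script> saved in the option runs here
}

// Hardened shape, step 1: sanitise on save. With a sanitize_callback, WordPress runs
// the callback before the option is written, whatever role the saving user holds.
function rcfb_register_settings(): void
{
    register_setting('rcfb_options', 'rcfb_form_title', [
        'type'              => 'string',
        'sanitize_callback' => 'sanitize_text_field',   // plain text: no tags at all
    ]);
    register_setting('rcfb_options', 'rcfb_thank_you_html', [
        'type'              => 'string',
        'sanitize_callback' => 'rcfb_sanitize_rich',
    ]);
}

/** Rich-text setting: keep raw HTML only when the saving user really holds
 *  unfiltered_html; otherwise reduce it to the post-safe allowlist. */
function rcfb_sanitize_rich(string $value): string
{
    return current_user_can('unfiltered_html') ? $value : wp_kses_post($value);
}

// Hardened shape, step 2: escape on output regardless of what is stored, with the
// escaper chosen for the context (element text vs. attribute value).
function rcfb_render_title_hardened(): void
{
    $title = get_option('rcfb_form_title', '');
    echo '<h2>' . esc_html($title) . '</h2>';
    echo '<input type="text" name="rcfb_form_title" value="' . esc_attr($title) . '">';
}

add_action('admin_init', 'rcfb_register_settings');
```

Sanitising on save and escaping on output are both needed: the first keeps a payload out of the database, the second protects pages that render an option written before the fix or by a code path that bypassed the settings API.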
PT-2024-12060 · Unknown · Richteam Slider Carousel – Responsive Image Slider
Name of the Vulnerable Software and Affected Versions: Richteam Slider Carousel – Responsive Image Slider versions 1.5.1 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Richteam Slider Carousel – Responsive Image Slider. Recommendations: For versions...
PT-2024-18026 · WordPress · Responsive Contact Form Builder & Lead Generation Plugin
Name of the Vulnerable Software and Affected Versions: The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress versions prior to 1.8.9 Description: The issue allows unauthorized access to functionality due to a missing capability check on several functions. This makes it...
WordPress Photo Gallery – Responsive Photo Gallery Plugin <= 1.4.2 is vulnerable to PHP Object Injection
Software: Photo Gallery – Responsive Photo Gallery. Type: Plugin. Vulnerable versions: <= 1.4.2. Fixed in: 1.4.3. OWASP Top 10: A1: Injection. Classification: PHP Object Injection. CVE: CVE-2024-1896. Patch priority: Medium. CVSS severity: Medium 6.4. PSID: 9cc31de9b6ad. Credits: Francesco...
CVE-2024-4256
Techkshetra Info Solutions Savsoft Quiz 6.0 has a cross-site scripting (XSS) vulnerability in the Category Page editCategory function (/public/index.php/Qbank/editCategory). The issue arises from manipulating the category_name parameter with input like >, which allows script execution in the c...