PHP Point of Sale 跨站脚本漏洞

PHP Point of Sale is an online sales point system for small retail businesses managed by PHP Point of Sale Inc. Version PHP Point of Sale v19.4 contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation of the startdateformatted and enddateformatted...

CVE-2024-36397 Vantiva - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Vantiva - MediaAccess DGA2232 v19.4 - CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

CVE-2024-36397

CVE-2024-36397 affects Vantiva MediaAccess DGA2232 v19.4. The issue is CWE-79 (Cross-site Scripting) caused by improper neutralization of input during web page generation in the affected software. Reported metrics place the severity at CVSS v3.1 base score 6.1 (MEDIUM) with network attack vector,...

Authorization

Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data...