User Registration, Login & Landing Pages – LeadMagic Security Vulnerabilities

cvelist

CVE-2024-5121 SourceCodester Event Registration System cross site scripting

A vulnerability was found in SourceCodester Event Registration System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /registrar/?page=registration. The manipulation of the argument e leads to cross site scripting. The attack can be.....

3.5 CVSS

3.8 AI Score

0.0004 EPSS

2024-05-20 06:31 AM
1
cvelist

CVE-2024-1570

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login-password shortcode in all versions up to, and including, 4.14.4 due to insufficient...

6.4 CVSS

5.8 AI Score

0.0004 EPSS

2024-02-20 06:56 PM
vulnrichment

CVE-2024-31981 XWiki Platform: Privilege escalation (PR) from user registration through PDFClass

XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10-rc-1. If PDF templates are not typically...

9.9 CVSS

7.6 AI Score

0.0004 EPSS

2024-04-10 07:22 PM
openvas

HP Power Manager Management Web Server Login RCE Vulnerability

HP Power Manager is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied...

6.2 AI Score

0.623 EPSS

2009-11-13 12:00 AM
33
osv

Keycloak Denial of Service via account lockout

In any realm set with "User (Self) registration" a user that is registered with a username in email format can be "locked out" (denied from logging in) using his...

7.1 AI Score

2024-06-12 07:42 PM
4
github

Keycloak Denial of Service via account lockout

In any realm set with "User (Self) registration" a user that is registered with a username in email format can be "locked out" (denied from logging in) using his...

7.1 AI Score

2024-06-12 07:42 PM
veracode

Use Of A Key Past Its Expiration Date

moodle/moodle is vulnerable to Use of a Key Past its Expiration Date. The vulnerability is caused due to improper key generation, as the same key is used interchangeably for a user's QR login key and their auto-login key. This allows an attacker to exploit the same key used interchangeably for a...

6.8 AI Score

0.0004 EPSS

2024-06-19 06:16 AM
1
cve

CVE-2024-33918

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maxim K AJAX Login and Registration modal popup + inline form allows Stored XSS. This issue affects AJAX Login and Registration modal popup + inline form: from n/a through...

5.9 CVSS

6.6 AI Score

0.0004 EPSS

2024-05-03 08:15 AM
27
vulnrichment

CVE-2024-5121 SourceCodester Event Registration System cross site scripting

A vulnerability was found in SourceCodester Event Registration System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /registrar/?page=registration. The manipulation of the argument e leads to cross site scripting. The attack can be.....

3.5 CVSS

6.2 AI Score

0.0004 EPSS

2024-05-20 06:31 AM
1
cvelist

CVE-2024-5065 PHPGurukul Online Course Registration System sql injection

A vulnerability classified as critical has been found in PHPGurukul Online Course Registration System 3.1. Affected is an unknown function of the file /onlinecourse/. The manipulation of the argument regno leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

7.3 CVSS

7.6 AI Score

0.0004 EPSS

2024-05-17 08:00 PM
vulnrichment

CVE-2024-5117 SourceCodester Event Registration System portal.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. This affects an unknown part of the file portal.php. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit.....

7.3 CVSS

7.3 AI Score

0.0004 EPSS

2024-05-20 04:31 AM
1
wpexploit

Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF

Description: The plugin does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable/disable widgets via a CSRF...

6.6 AI Score

0.0005 EPSS

2024-05-31 12:00 AM
6
nessus

F5 Networks BIG-IQ Configuration Utility Login Page Detection

The configuration utility login page for F5 Networks BIG-IQ was detected on the remote host. BIG-IQ is a product for managing BIG-IP...

1.6 AI Score

2014-05-09 12:00 AM
10
wolfi

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: configmap-reload, k8sgpt, dagger, k8ssandra-operator, nri-cassandra, http-echo, gobump, aws-load-balancer-controller, grpcurl, logstash, protoc-gen-go, postgres-operator, neuvector-sigstore-interface, flannel, velero-plugin-for-csi, speedtest-go,...

7.5 AI Score

2024-06-28 09:08 PM
3
cve

CVE-2024-3555

The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...

7.2 CVSS

7 AI Score

0.0005 EPSS

2024-06-04 06:15 AM
2
cvelist

CVE-2024-2765

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Skype and Spotify URL parameters in all versions up to, and including, 2.8.4 due to insufficient input...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2024-05-02 04:52 PM
osv

Apache Answer Race Condition vulnerability

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly...

7.2 AI Score

0.0004 EPSS

2024-02-22 12:30 PM
6
osv

Malicious code in requirmeents (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:41 PM
osv

Malicious code in requewsts (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:41 PM
osv

Malicious code in requestr (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:41 PM
osv

Malicious code in reqeist (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:41 PM
osv

Malicious code in pycordwd (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:39 PM
osv

Malicious code in pycordde (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:39 PM
osv

Malicious code in py-czrd (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:39 PM
osv

Malicious code in py-corxd (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:39 PM
osv

Malicious code in py-cordw (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:39 PM
osv

Malicious code in py-corf (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:39 PM
osv

Malicious code in py-coordd (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:39 PM
osv

Malicious code in py-coed (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:39 PM
osv

Malicious code in py-cod (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:39 PM
osv

Malicious code in pilpow (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:38 PM
osv

Malicious code in pilloa (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:38 PM
osv

Malicious code in pilloo (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:38 PM
osv

Malicious code in pilliw (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:38 PM
osv

Malicious code in customekinter (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:34 PM
osv

Malicious code in colorm (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:34 PM
osv

Malicious code in coloramia (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:33 PM
osv

Malicious code in coloramka (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:33 PM
osv

Malicious code in cloroma (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:33 PM
osv

Malicious code in capmonstercloudcliend (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:33 PM
osv

Malicious code in capmonstercloudclieent (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:33 PM
osv

Malicious code in capmonstercloudclent (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:33 PM
osv

Malicious code in capmonsterccloudclient (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:33 PM
osv

Malicious code in bips-utils (PyPI)

-= Per source details. Do not edit below this...

7.1 AI Score

2024-06-25 01:32 PM
veracode

Cross-Site Scripting (XSS)

invenio_communities is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to inadequate sanitization of the Affiliations field during the account registration process, allowing attackers to inject and execute malicious...

6.6 AI Score

2024-06-13 06:16 AM
cvelist

CVE-2024-5123 SourceCodester Event Registration System cross site scripting

A vulnerability classified as problematic has been found in SourceCodester Event Registration System 1.0. This affects an unknown part of the file /registrar/. The manipulation of the argument searchbar leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has.....

4.3 CVSS

4.4 AI Score

0.0004 EPSS

2024-05-20 07:31 AM
vulnrichment

CVE-2024-2765

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Skype and Spotify URL parameters in all versions up to, and including, 2.8.4 due to insufficient input...

5.4 CVSS

5.8 AI Score

0.001 EPSS

2024-05-02 04:52 PM
2
zdt

5.3 CVSS

7.4 AI Score

0.001 EPSS

2024-05-28 12:00 AM
76
nuclei

KeyCloak - Information Exposure

A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this...

6.5 CVSS

6.4 AI Score

0.117 EPSS

2024-01-16 09:57 AM
5
nessus

IBM iSeries Login

Nessus was able to successfully authenticate to the remote IBM iSeries server via the as-signon service using the IBM iSeries credentials that were provided in the scan...

2.8 AI Score

2018-10-02 12:00 AM
17
Total number of security vulnerabilities: 276981