6 matches found
CVE-2024-48533
CVE-2024-48533 affects eSoft Planner 3.24.08271-USA, where the Forgot your Login? module returns different responses for valid vs invalid email addresses, enabling username enumeration. Multiple sources (NVD, Red Hat, CNNVD, CVE lists) confirm the issue and its impact on account discovery. The co...
CVE-2024-48530
The CVE-2024-48530 vulnerability affects eSoft Planner, specifically the Instructor Appointment Availability module in version 3.24.08271-USA. A crafted POST request can cause a Denial of Service (DoS). The Red Hat/NVD/CNNVD/CVE lists corroborate this issue, but the connected documents do not pro...
CVE-2024-48534
The CVE-2024-48534 entry corresponds to a reflected cross-site scripting (XSS) vulnerability in the Camp Details module of eSoft Planner 3.24.08271-USA. Across sources (NVD, Red Hat, CNNVD, CVE records, PT-security, and enrichment feeds), the issue is described as an attacker injecting a crafted...
CVE-2024-48531
CVE-2024-48531 is a reflected XSS vulnerability in the Rental Availability module of eSoft Planner 3.24.08271-USA. The issue allows an attacker to execute arbitrary code in a user’s browser by injecting a crafted payload. The CVSS v3.1 base score is 5.4 (MEDIUM): Network vector, low attack comple...
CVE-2024-48535
CVE-2024-48535 describes a stored XSS vulnerability in eSoft Planner 3.24.08271-USA where an attacker can inject arbitrary web scripts/HTML via the Name parameter. Multiple sources (NVD, Red Hat, CNNVD, CVE listing, and related enrichments) confirm the same issue, classed as a stored XSS. The ava...
CVE-2024-48536
CVE-2024-48536 concerns an improper access control in the scheduling software eSoft Planner (v3.24.08271-USA). The vulnerability allows an attacker to view all company transactions by sending a crafted web request, as described across multiple sources (NVD/Red Hat/CNNVD/CVE lists). The underlying...