agosto 2024 - Página 97 de 135

13 Ago 2024

CVE-2024-42377

Título es

CVE-2024-42377

Mar, 13/08/2024 – 04:15

Tipo

CWE-862

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-42377

Descripción en

SAP shared service framework allows an
authenticated non-administrative user to call a remote-enabled function, which
will allow them to insert value entries into a non-sensitive table, causing low
impact on integrity of the application

13/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

4.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://me.sap.com/notes/3474590

https://url.sap/sapsecuritypatchday

Enviar en el boletín

Off

13 Ago 2024

CVE-2024-43139

Título es

CVE-2024-43139

Lun, 12/08/2024 – 23:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43139

Descripción en

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.9.

13/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/vulnerability/football-pool/wordpress-football-pool-plugin-2-11-9-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

13 Ago 2024

CVE-2024-43137

Título es

CVE-2024-43137

Lun, 12/08/2024 – 23:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43137

Descripción en

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WappPress Team WappPress allows Stored XSS.This issue affects WappPress: from n/a through 6.0.4.

13/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

5.90

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/vulnerability/wapppress-builds-android-app-for-website/wordpress-wapppress-basic-plugin-6-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

13 Ago 2024

CVE-2024-43133

Título es

CVE-2024-43133

Lun, 12/08/2024 – 23:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43133

Descripción en

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Shortcodes allows Stored XSS.This issue affects Themify Shortcodes: from n/a through 2.1.1.

13/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/vulnerability/themify-shortcodes/wordpress-themify-shortcodes-plugin-2-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

13 Ago 2024

CVE-2024-43130

Título es

CVE-2024-43130

Lun, 12/08/2024 – 23:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43130

Descripción en

13/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

5.90

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/vulnerability/football-pool/wordpress-football-pool-plugin-2-11-10-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

13 Ago 2024

CVE-2024-43150

Título es

CVE-2024-43150

Lun, 12/08/2024 – 23:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43150

Descripción en

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a through 1.4.4.2.

13/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/vulnerability/xpro-elementor-addons/wordpress-xpro-elementor-addons-plugin-1-4-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

13 Ago 2024

CVE-2024-43149

Título es

CVE-2024-43149

Lun, 12/08/2024 – 23:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43149

Descripción en

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Tooltip Glossary allows Stored XSS.This issue affects CM Tooltip Glossary: from n/a through 4.3.7.

13/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/vulnerability/enhanced-tooltipglossary/wordpress-cm-tooltip-glossary-plugin-4-3-7-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

12 Ago 2024

CVE-2024-43148

Título es

CVE-2024-43148

Lun, 12/08/2024 – 23:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43148

Descripción en

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins StreamCast allows Stored XSS.This issue affects StreamCast: from n/a through 2.2.3.

13/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

5.90

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/vulnerability/streamcast/wordpress-streamcast-2-2-3-stored-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

12 Ago 2024

CVE-2024-43147

Título es

CVE-2024-43147

Lun, 12/08/2024 – 23:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-43147

Descripción en

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Merkulove Selection Lite allows Stored XSS.This issue affects Selection Lite: from n/a through 1.11.

13/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/vulnerability/selection-lite/wordpress-selection-lite-plugin-1-11-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

12 Ago 2024

CVE-2024-7706

Título es

CVE-2024-7706

Lun, 12/08/2024 – 23:15

Tipo

CWE-434

Gravedad v2.0

5.80

Gravedad 2.0 Txt

MEDIUM

Título en

CVE-2024-7706

Descripción en

A vulnerability was found in Fujian mwcms 1.0.0. It has been rated as critical. Affected by this issue is the function uploadimage of the file /uploadfile.html. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

13/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0

AV:N/AC:L/Au:M/C:P/I:P/A:P

Gravedad 3.1 (CVSS 3.1 Base Score)

4.70

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://github.com/DeepMountains/Mirage/blob/main/CVE12-2.md

https://vuldb.com/?ctiid_274184=