CVE-2024-47847

CVE-2024-47847

Título es
CVE-2024-47847

Sáb, 05/10/2024 – 01:15

Tipo
CWE-79

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-47847

Descripción en
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki – Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki – Cargo: from 3.6.X before 3.6.1.

05/10/2024
05/10/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1063804

  • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1063806

  • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1063827

  • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1063831

  • https://phabricator.wikimedia.org/T368628

  • https://phabricator.wikimedia.org/T372211

    • Enviar en el boletín
    Off

    CVE-2024-47846

    CVE-2024-47846

    Título es
    CVE-2024-47846

    Sáb, 05/10/2024 – 01:15

    Tipo
    CWE-352

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47846

    Descripción en
    Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki – Cargo allows Cross Site Request Forgery.This issue affects Mediawiki – Cargo: from 3.6.X before 3.6.1.

    05/10/2024
    05/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1062723

  • https://phabricator.wikimedia.org/T368628

  • https://phabricator.wikimedia.org/T372209

    • Enviar en el boletín
    Off

    CVE-2024-47845

    CVE-2024-47845

    Título es
    CVE-2024-47845

    Sáb, 05/10/2024 – 01:15

    Tipo
    CWE-116

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47845

    Descripción en
    Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki – CSS Extension allows Code Injection.This issue affects Mediawiki – CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.

    05/10/2024
    05/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://gerrit.wikimedia.org/r/q/I6f38f4a8fc1dcd690ab27b8f18ce6ca903bacc53

  • https://phabricator.wikimedia.org/T368594

  • https://phabricator.wikimedia.org/T368628

    • Enviar en el boletín
    Off

    CVE-2024-47840

    CVE-2024-47840

    Título es
    CVE-2024-47840

    Sáb, 05/10/2024 – 01:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47840

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki – Apex skin allows Stored XSS.This issue affects Mediawiki – Apex skin: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.

    05/10/2024
    05/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://gerrit.wikimedia.org/r/q/Id9093783051c3f8e6dcb5dc89f9493a5f5cf7bd7

  • https://phabricator.wikimedia.org/T368628

  • https://phabricator.wikimedia.org/T370081

    • Enviar en el boletín
    Off

    CVE-2024-9455

    CVE-2024-9455

    Título es
    CVE-2024-9455

    Sáb, 05/10/2024 – 02:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9455

    Descripción en
    The WP Cleanup and Basic Functions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

    05/10/2024
    05/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://wordpress.org/plugins/wp-cleanup-and-basic-functions/#developers

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/28bdaf44-6f2c-440a-a96f-bdcd71fb7bea?source=cve

    • Enviar en el boletín
    Off

    CVE-2024-9385

    CVE-2024-9385

    Título es
    CVE-2024-9385

    Sáb, 05/10/2024 – 02:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9385

    Descripción en
    The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

    05/10/2024
    05/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://plugins.trac.wordpress.org/browser/themify-builder/tags/7.6.2/classes/class-themify-builder-model.php#L1121

  • https://plugins.trac.wordpress.org/changeset/3162399/themify-builder/trunk/classes/class-themify-builder-model.php

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/a83e68e0-1b5b-4fd5-be00-37b8f11144c4?source=cve

    • Enviar en el boletín
    Off

    CVE-2024-47841

    CVE-2024-47841

    Título es
    CVE-2024-47841

    Sáb, 05/10/2024 – 02:15

    Tipo
    CWE-22

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47841

    Descripción en
    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki – CSS Extension allows Path Traversal.This issue affects Mediawiki – CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9.

    05/10/2024
    05/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://gerrit.wikimedia.org/r/q/I46613d8d50fc978bdac58e2b312ee03324c1edc8

  • https://phabricator.wikimedia.org/T368628

  • https://phabricator.wikimedia.org/T369486

    • Enviar en el boletín
    Off

    CVE-2024-9528

    CVE-2024-9528

    Título es
    CVE-2024-9528

    Sáb, 05/10/2024 – 03:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9528

    Descripción en
    The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form label fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to edit forms (administrator by default), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

    05/10/2024
    05/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.90

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://plugins.trac.wordpress.org/browser/fluentform/tags/5.1.17/app/Services/FormBuilder/Components/BaseComponent.php#L191

  • https://plugins.trac.wordpress.org/browser/fluentform/tags/5.1.17/boot/globals.php#L342

  • https://plugins.trac.wordpress.org/changeset/3125227/

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/4ed4dfee-5f14-47ce-abed-cd226c110665?source=cve

    • Enviar en el boletín
    Off

    CVE-2024-47848

    CVE-2024-47848

    Título es
    CVE-2024-47848

    Sáb, 05/10/2024 – 00:15

    Tipo
    CWE-200

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47848

    Descripción en
    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki – PageTriage allows Authentication Bypass.This issue affects Mediawiki – PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.

    05/10/2024
    05/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://gerrit.wikimedia.org/r/q/I0288a715f7040a14ab7f70b2888fe1ef77a44588

  • https://phabricator.wikimedia.org/T366991

  • https://phabricator.wikimedia.org/T368628

    • Enviar en el boletín
    Off

    CVE-2024-43686

    CVE-2024-43686

    Título es
    CVE-2024-43686

    Vie, 04/10/2024 – 20:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-43686

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.

    04/10/2024
    04/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.gruppotim.it/it/footer/red-team.html

  • https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-reflected-xss-vulnerability

    • Enviar en el boletín
    Off