CVE-2024-37447

CVE-2024-37447

Título es
CVE-2024-37447

Dom, 21/07/2024 – 23:15

Tipo
CWE-79

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-37447

Descripción en
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager allows Stored XSS.This issue affects PixelYourSite – Your smart PIXEL (TAG) Manager: from n/a through 9.6.1.1.

22/07/2024
22/07/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)
5.90

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://patchstack.com/database/vulnerability/pixelyoursite/wordpress-pixelyoursite-your-smart-pixel-tag-api-manager-plugin-9-6-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-37446

    CVE-2024-37446

    Título es
    CVE-2024-37446

    Dom, 21/07/2024 – 23:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37446

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kiboko Labs Chained Quiz allows Stored XSS.This issue affects Chained Quiz: from n/a through 1.3.2.8.

    22/07/2024
    22/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.90

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/chained-quiz/wordpress-chained-quiz-plugin-1-3-2-8-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-6963

    CVE-2024-6963

    Título es
    CVE-2024-6963

    Lun, 22/07/2024 – 00:15

    Tipo
    CWE-121

    Gravedad v2.0
    9.00

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2024-6963

    Descripción en
    A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. This issue affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272117 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

    22/07/2024
    22/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:C/I:C/A:C

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/O3V2.0/formexeCommand.md

  • https://vuldb.com/?ctiid_272117=

  • https://vuldb.com/?id_272117=

  • https://vuldb.com/?submit_374584=

    • Enviar en el boletín
    Off

    CVE-2024-6962

    CVE-2024-6962

    Título es
    CVE-2024-6962

    Lun, 22/07/2024 – 00:15

    Tipo
    CWE-121

    Gravedad v2.0
    9.00

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2024-6962

    Descripción en
    A vulnerability classified as critical was found in Tenda O3 1.0.0.10. This vulnerability affects the function formQosSet. The manipulation of the argument remark/ipRange/upSpeed/downSpeed/enable leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272116. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

    22/07/2024
    22/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:C/I:C/A:C

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/O3V2.0/formQosSet.md

  • https://vuldb.com/?ctiid_272116=

  • https://vuldb.com/?id_272116=

  • https://vuldb.com/?submit_374583=

    • Enviar en el boletín
    Off

    CVE-2024-38786

    CVE-2024-38786

    Título es
    CVE-2024-38786

    Dom, 21/07/2024 – 21:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-38786

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BurgerThemes CoziPress allows Stored XSS.This issue affects CoziPress: from n/a through 1.0.30.

    21/07/2024
    21/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/cozipress/wordpress-cozipress-theme-1-0-30-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-37461

    CVE-2024-37461

    Título es
    CVE-2024-37461

    Dom, 21/07/2024 – 22:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37461

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson IdeaPush allows Stored XSS.This issue affects IdeaPush: from n/a through 8.65.

    22/07/2024
    22/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/vulnerability/ideapush/wordpress-ideapush-plugin-8-65-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-37460

    CVE-2024-37460

    Título es
    CVE-2024-37460

    Dom, 21/07/2024 – 22:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37460

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SuperSaaS SuperSaaS – online appointment scheduling allows Stored XSS.This issue affects SuperSaaS – online appointment scheduling: from n/a through 2.1.9.

    22/07/2024
    22/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/supersaas-appointment-scheduling/wordpress-supersaas-online-appointment-scheduling-plugin-2-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-37459

    CVE-2024-37459

    Título es
    CVE-2024-37459

    Dom, 21/07/2024 – 22:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37459

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PayPlus LTD PayPlus Payment Gateway allows Reflected XSS.This issue affects PayPlus Payment Gateway: from n/a through 6.6.8.

    22/07/2024
    22/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/vulnerability/payplus-payment-gateway/wordpress-payplus-payment-gateway-plugin-6-6-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-37485

    CVE-2024-37485

    Título es
    CVE-2024-37485

    Dom, 21/07/2024 – 22:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37485

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vinny Alves (UseStrict Consulting) bbPress Notify allows Reflected XSS.This issue affects bbPress Notify: from n/a through 2.18.3.

    22/07/2024
    22/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/vulnerability/bbpress-notify-nospam/wordpress-bbpress-notify-no-spam-plugin-2-18-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-37480

    CVE-2024-37480

    Título es
    CVE-2024-37480

    Dom, 21/07/2024 – 22:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37480

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Apollo13Themes Apollo13 Framework Extensions apollo13-framework-extensions allows Stored XSS.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.3.

    22/07/2024
    22/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/apollo13-framework-extensions/wordpress-apollo13-framework-extensions-plugin-1-9-3-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off