CVE-2024-6075

CVE-2024-6075

Título es
CVE-2024-6075

Lun, 15/07/2024 – 06:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-6075

Descripción en
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

15/07/2024
15/07/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://wpscan.com/vulnerability/b0e2658a-b075-48b6-a9d9-e141194117fc/

    • Enviar en el boletín
    Off

    CVE-2024-6074

    CVE-2024-6074

    Título es
    CVE-2024-6074

    Lun, 15/07/2024 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6074

    Descripción en
    The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

    15/07/2024
    15/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://wpscan.com/vulnerability/e518af46-cb8e-43ff-a7c1-5300b36d9113/

    • Enviar en el boletín
    Off

    CVE-2024-6072

    CVE-2024-6072

    Título es
    CVE-2024-6072

    Lun, 15/07/2024 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6072

    Descripción en
    The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

    15/07/2024
    15/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://wpscan.com/vulnerability/1d8a344b-37e9-41e8-9de0-c67b7ca8e21b/

    • Enviar en el boletín
    Off

    CVE-2024-6073

    CVE-2024-6073

    Título es
    CVE-2024-6073

    Lun, 15/07/2024 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6073

    Descripción en
    The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

    15/07/2024
    15/07/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://wpscan.com/vulnerability/f04994bc-9eef-46de-995b-8598f7a749c4/

    • Enviar en el boletín
    Off

    CVE-2024-39736

    CVE-2024-39736

    Título es
    CVE-2024-39736

    Lun, 15/07/2024 – 02:15

    Tipo
    CWE-644

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39736

    Descripción en
    IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 296003.

    15/07/2024
    15/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://exchange.xforce.ibmcloud.com/vulnerabilities/296003

  • https://www.ibm.com/support/pages/node/7160185

    • Enviar en el boletín
    Off

    CVE-2024-39739

    CVE-2024-39739

    Título es
    CVE-2024-39739

    Lun, 15/07/2024 – 02:15

    Tipo
    CWE-918

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39739

    Descripción en
    IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 296008.

    15/07/2024
    15/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://exchange.xforce.ibmcloud.com/vulnerabilities/296008

  • https://www.ibm.com/support/pages/node/7160185

    • Enviar en el boletín
    Off

    CVE-2024-39737

    CVE-2024-39737

    Título es
    CVE-2024-39737

    Lun, 15/07/2024 – 02:15

    Tipo
    CWE-209

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39737

    Descripción en
    IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 296004.

    15/07/2024
    15/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://exchange.xforce.ibmcloud.com/vulnerabilities/296004

  • https://www.ibm.com/support/pages/node/7160185

    • Enviar en el boletín
    Off

    CVE-2024-39741

    CVE-2024-39741

    Título es
    CVE-2024-39741

    Lun, 15/07/2024 – 03:15

    Tipo
    CWE-22

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39741

    Descripción en
    IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 296010.

    15/07/2024
    15/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://exchange.xforce.ibmcloud.com/vulnerabilities/296010

  • https://www.ibm.com/support/pages/node/7160185

    • Enviar en el boletín
    Off

    CVE-2024-39740

    CVE-2024-39740

    Título es
    CVE-2024-39740

    Lun, 15/07/2024 – 03:15

    Tipo
    CWE-497

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39740

    Descripción en
    IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009.

    15/07/2024
    15/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://exchange.xforce.ibmcloud.com/vulnerabilities/296009

  • https://www.ibm.com/support/pages/node/7160185

    • Enviar en el boletín
    Off

    CVE-2024-39735

    CVE-2024-39735

    Título es
    CVE-2024-39735

    Lun, 15/07/2024 – 03:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39735

    Descripción en
    IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 296002.

    15/07/2024
    15/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://exchange.xforce.ibmcloud.com/vulnerabilities/296002

  • https://www.ibm.com/support/pages/node/7160185

    • Enviar en el boletín
    Off