Latest CVE Feed
-
8.8
CVSS31CVE-2024-45693
Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated us... Read more
Affected Products : cloudstack- Published: Oct. 16, 2024
- Modified: Oct. 17, 2024
-
7.8
CVSS31CVE-2024-45710
SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine.... Read more
Affected Products : solarwinds_platform- Published: Oct. 16, 2024
- Modified: Oct. 17, 2024
-
8.8
CVSS31CVE-2024-45711
SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software env... Read more
Affected Products : serv-u- Published: Oct. 16, 2024
- Modified: Oct. 17, 2024
-
5.9
CVSS31CVE-2024-49288
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a thro... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
7.1
CVSS31CVE-2024-49283
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VillaTheme CURCY allows Reflected XSS.This issue affects CURCY: from n/a through 2.2.3.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
5.9
CVSS31CVE-2024-49282
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in dFactory Responsive Lightbox allows Stored XSS.This issue affects Responsive Lightbox: from n/a through 2.4.8.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
6.5
CVSS31CVE-2024-49281
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NinjaTeam Click to Chat – WP Support All-in-One Floating Widget allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floatin... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
6.5
CVSS31CVE-2024-49280
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Weblizar Lightbox slider – Responsive Lightbox Gallery allows Stored XSS.This issue affects Lightbox slider – Responsive Lightbox Gallery: from n/... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
6.5
CVSS31CVE-2024-49279
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TipTopPress Hyperlink Group Block allows Stored XSS.This issue affects Hyperlink Group Block: from n/a through 1.17.5.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
6.5
CVSS31CVE-2024-49278
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in omnipressteam Omnipress allows Stored XSS.This issue affects Omnipress: from n/a through 1.4.3.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
6.5
CVSS31CVE-2024-49277
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeAstrology Team UltraAddons Elementor Lite allows Stored XSS.This issue affects UltraAddons Elementor Lite: from n/a through 1.1.8.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
7.1
CVSS31CVE-2024-49276
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themis Solutions, Inc. Clio Grow allows Reflected XSS.This issue affects Clio Grow: from n/a through 1.0.2.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
6.5
CVSS31CVE-2024-49264
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Events Addon for Elementor allows Stored XSS.This issue affects Events Addon for Elementor: from n/a through 2.2.0.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
6.5
CVSS31CVE-2024-49263
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Takashi Matsuyama My Favorites allows Stored XSS.This issue affects My Favorites: from n/a through 1.4.1.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
6.5
CVSS31CVE-2024-49262
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wepic Country Flags for Elementor allows Stored XSS.This issue affects Country Flags for Elementor: from n/a through 1.0.1.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
6.5
CVSS31CVE-2024-49261
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through 2.23.0.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
6.5
CVSS31CVE-2024-49259
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through 1.5.8.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
6.5
CVSS31CVE-2024-49255
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Daniele Alessandra Da Reactions allows Stored XSS.This issue affects Da Reactions: from n/a through 5.1.5.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
7.1
CVSS31CVE-2024-49248
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Igor Funa Ad Inserter allows Reflected XSS.This issue affects Ad Inserter: from n/a through 2.7.37.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
7.6
CVSS31CVE-2024-5429
The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks... Read more
Affected Products : gs_logo_slider- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024