CVSS: 6.4EPSS: %CPEs: 1EXPL: 0CVE-2024-11783 – Financial Calculator <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-11783
The Financial Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'finance_calculator' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/browser/finance-calculator-with-application-form/tags/2.2.1/finance-calculator-with-aplication-form.php#L604 https://www.wordfence.com/threat-intel/vulnerabilities/id/c9314970-1030-4488-8147-05ba1453182c?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1CVE-2021-35975
https://notcve.org/view.php?id=CVE-2021-35975
Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL. Also: affected components in same product - HTTP Adapter (up to v.1.8.0.15), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05), FIX Adapter (up to v.2.4.0.25) Vulnerabilidad de path traversal absoluto en el componente Systematica SMTP Adapter (hasta v2.0.1.101) en Systematica Radius (hasta v.3.9.256.777) permite a atacantes remotos leer archivos arbitrarios a través de un nombre de ruta completo en el parámetro GET "archivo" en URL . Además: componentes afectados en el mismo producto: Adaptador HTTP (hasta v.1.8.0.15), Proxy MSSQL MessageBus (hasta v.1.1.06), Calculadora financiera (hasta v.1.3.05), Adaptador FIX (hasta v.2.4.0.25) • https://github.com/fbkcs/CVE-2021-35975 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •