CVE-2024-45720 – Apache Subversion: Command line argument injection on Windows platforms
https://notcve.org/view.php?id=CVE-2024-45720
On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue. Subversion is not affected on UNIX-like platforms. • https://subversion.apache.org/security/CVE-2024-45720-advisory.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
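The mechanism behind this class of bug is easy to miss: a caller quotes its arguments correctly as UTF-16, but a narrow (`main(int argc, char **argv)`) child receives an ANSI command line that Windows produced by "best fit" narrowing, and the C runtime splits that narrowed string. A character that is not an ASCII quote in UTF-16 can become one after narrowing, so a single quoted argument falls apart into several. The Python below is an added example, not code from the advisory or from Subversion; the `BEST_FIT` table is an illustrative subset that stands in for the real per-code-page NLS data, and `child.exe` and `--hypothetical-flag` are invented names. The splitter follows the documented Microsoft C runtime rules (whitespace separates arguments, `"` toggles quoting, backslashes are literal unless they precede a `"`).

```python
"""Simulate "best fit" narrowing of a Windows command line and show how it
changes argv (added example; not Subversion's code)."""

# Assumed, illustrative subset of best-fit mappings for a Western code page.
# The real table is part of Windows' NLS data and is much larger.
BEST_FIT = {
    "\uff02": '"',   # FULLWIDTH QUOTATION MARK  -> ASCII double quote
    "\uff3c": "\\",  # FULLWIDTH REVERSE SOLIDUS -> backslash
    "\uff0f": "/",   # FULLWIDTH SOLIDUS         -> slash
}


def best_fit_narrow(text: str, default: str = "?") -> str:
    """Narrow a wide string: ASCII passes through, table hits are
    substituted, anything else becomes the code page's default char."""
    return "".join(
        ch if ord(ch) < 0x80 else BEST_FIT.get(ch, default) for ch in text
    )


def quote_windows_arg(arg: str) -> str:
    """Quote one argument the way a correct caller does: wrap in double
    quotes if needed and escape embedded ASCII quotes. U+FF02 is not '"',
    so it is (correctly, at this layer) left untouched."""
    if arg and not any(c in arg for c in ' \t"'):
        return arg
    out, backslashes = ['"'], 0
    for ch in arg:
        if ch == "\\":
            backslashes += 1
        elif ch == '"':
            out.append("\\" * (2 * backslashes + 1) + '"')
            backslashes = 0
        else:
            out.append("\\" * backslashes + ch)
            backslashes = 0
    out.append("\\" * (2 * backslashes) + '"')
    return "".join(out)


def parse_windows_cmdline(cmdline: str) -> list:
    """Split a command line into argv using the C runtime's rules."""
    args, cur, in_quotes, have_token = [], [], False, False
    i, n = 0, len(cmdline)
    while i < n:
        ch = cmdline[i]
        if ch == "\\":
            j = i
            while j < n and cmdline[j] == "\\":
                j += 1
            count = j - i
            if j < n and cmdline[j] == '"':
                # 2k backslashes + quote -> k backslashes, quote toggles;
                # 2k+1 backslashes + quote -> k backslashes + literal quote.
                cur.append("\\" * (count // 2))
                if count % 2:
                    cur.append('"')
                    j += 1
            else:
                cur.append("\\" * count)
            have_token, i = True, j
        elif ch == '"':
            in_quotes, have_token, i = not in_quotes, True, i + 1
        elif ch in " \t" and not in_quotes:
            if have_token:
                args.append("".join(cur))
                cur, have_token = [], False
            i += 1
        else:
            cur.append(ch)
            have_token, i = True, i + 1
    if have_token:
        args.append("".join(cur))
    return args


def argv_after_narrowing(args: list) -> tuple:
    """Return (argv seen by a wide child, argv seen by a narrow child)."""
    cmdline = " ".join(quote_windows_arg(a) for a in args)
    return parse_windows_cmdline(cmdline), parse_windows_cmdline(best_fit_narrow(cmdline))


def best_fit_hazard(arg: str) -> bool:
    """Pre-flight check for a caller: True if narrowing would introduce a
    quote or backslash that the wide argument did not already contain."""
    return any(n in '"\\' and w != n for w, n in zip(arg, best_fit_narrow(arg)))


if __name__ == "__main__":
    # Constructed sample: ONE argument whose value contains U+FF02 twice.
    sample = ["child.exe", "report.txt\uff02 --hypothetical-flag\uff02"]
    wide, narrow = argv_after_narrowing(sample)
    print("wide child sees  :", wide)    # 2 arguments
    print("narrow child sees:", narrow)  # 3 arguments: a flag was injected
    print("hazard flagged   :", best_fit_hazard(sample[1]))
```

The defensive takeaway is that quoting alone cannot protect a narrow child on Windows; the caller must either reject arguments where `best_fit_hazard` is true (or, more conservatively, any non-ASCII argument), or ensure the child consumes the wide command line (`wmain` / `GetCommandLineW`) so no narrowing happens before parsing.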
CVE-2024-47841 – Path traversal when loading stylesheets
https://notcve.org/view.php?id=CVE-2024-47841
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal. This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9. • https://gerrit.wikimedia.org/r/q/I46613d8d50fc978bdac58e2b312ee03324c1edc8 https://phabricator.wikimedia.org/T368628 https://phabricator.wikimedia.org/T369486 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-47840 – Stored XSS through sidebar in Apex skin
https://notcve.org/view.php?id=CVE-2024-47840
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Apex skin allows Stored XSS. This issue affects Mediawiki - Apex skin: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. • https://gerrit.wikimedia.org/r/q/Id9093783051c3f8e6dcb5dc89f9493a5f5cf7bd7 https://phabricator.wikimedia.org/T368628 https://phabricator.wikimedia.org/T370081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47847 – Various XSSes found in Cargo
https://notcve.org/view.php?id=CVE-2024-47847
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1063804 https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1063806 https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1063827 https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1063831 https://phabricator.wikimedia.org/T368628 https://phabricator.wikimedia.org/T372211 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47846 – Special:DeleteCargoTable and Special:SwitchCargoTable have no CSRF protection
https://notcve.org/view.php?id=CVE-2024-47846
Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery. This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1062723 https://phabricator.wikimedia.org/T368628 https://phabricator.wikimedia.org/T372209 • CWE-352: Cross-Site Request Forgery (CSRF)