CVE-2024-25844
https://notcve.org/view.php?id=CVE-2024-25844
An issue was discovered in Common-Services "So Flexibilite" (soflexibilite) module for PrestaShop before version 4.1.26, allows remote attackers to escalate privileges and obtain sensitive information via debug file. • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-soflexibilite.md •
CVE-2024-26469
https://notcve.org/view.php?id=CVE-2024-26469
Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to cause a denial of service (DoS) and escalate privileges via the url parameter in the postProcess() method. • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-productdesigner-918.md •
CVE-2024-27103 – Querybook Stored Cross-Site Scripting allows Privilege Elevation
https://notcve.org/view.php?id=CVE-2024-27103
Querybook is a Big Data Querying UI. When a user searches for their queries, datadocs, tables and lists, the search result is marked and highlighted, and this feature uses dangerouslySetInnerHTML which means that if the highlighted result has an XSS payload it will trigger. While the input to dangerouslySetInnerHTML is not sanitized for the data inside of queries which leads to an XSS vulnerability. During the "query auto-suggestion" the name of the suggested tables are set with innerHTML which leads to the XSS vulnerability. A patch to rectify this issue has been introduced in Querybook version 3.31.2. • https://github.com/pinterest/querybook/commit/449bdc9e7d679e042c3718b7ed07d2ffa3c46a8f https://github.com/pinterest/querybook/security/advisories/GHSA-3hjm-9277-5c88 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-1632 – Incorrect access control in the Sitefinity backend
https://notcve.org/view.php?id=CVE-2024-1632
Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area. • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-1632-and-CVE-2024-1636-February-2024 https://www.progress.com/sitefinity-cms • CWE-284: Improper Access Control •
CVE-2024-26476
https://notcve.org/view.php?id=CVE-2024-26476
An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component. • https://github.com/c4v4r0n/Research/blob/main/openemr_BlindSSRF/README.md https://github.com/mpdf/mpdf/issues/867 • CWE-918: Server-Side Request Forgery (SSRF) •