CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11050 – AMTT Hotel Broadband Operation System language.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11050
A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the file /language.php. The manipulation of the argument LangID/LangName/LangEName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.283793 https://vuldb.com/?id.283793 https://vuldb.com/?submit.432690 https://wiki.shikangsi.com/post/share/ba791f6d-7f63-494f-bd73-827ed7f26e2e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10958 – WP Photo Album Plus <= 8.8.08.007 - Unauthenticated Arbitrary Shortcode Execution via getshortcodedrenderedfenodelay
https://notcve.org/view.php?id=CVE-2024-10958
The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/wp-photo-album-plus/tags/8.8.08.004/wppa-ajax.php#L1238 https://plugins.trac.wordpress.org/changeset/3184852 https://wordpress.org/plugins/wp-photo-album-plus/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/53bb0871-343a-4299-9902-682c422152d1?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-46956
https://notcve.org/view.php?id=CVE-2024-46956
Out-of-bounds data access in filenameforall can lead to arbitrary code execution. • https://bugs.ghostscript.com/show_bug.cgi?id=707895 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f4151f12db32cd3ed26c24327de714bf2c3ed6ca https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-46951
https://notcve.org/view.php?id=CVE-2024-46951
An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. • https://bugs.ghostscript.com/show_bug.cgi?id=707991 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8 https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10261 – Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.0 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-10261
The The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/changeset/3182968/paid-member-subscriptions https://www.wordfence.com/threat-intel/vulnerabilities/id/eaf19371-7b06-45c6-bf16-6ef7dfffb175?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •