CVSS: 5.1EPSS: %CPEs: -EXPL: 1CVE-2024-11130 – ZZCMS msg.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11130
A vulnerability was found in ZZCMS up to 2023. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/msg.php. The manipulation of the argument keyword leads to cross site scripting. The attack may be launched remotely. • https://github.com/En0t5/vul/blob/main/zzcms-msg-xss.md https://vuldb.com/?ctiid.283976 https://vuldb.com/?id.283976 https://vuldb.com/?submit.439699 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.3EPSS: %CPEs: 1EXPL: 0CVE-2024-37365 – FactoryTalk View ME Remote Code Execution Vulnerability via Project Save Path
https://notcve.org/view.php?id=CVE-2024-37365
A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1709.html • CWE-20: Improper Input Validation •
CVSS: 9.9EPSS: %CPEs: -EXPL: 0CVE-2024-46888
https://notcve.org/view.php?id=CVE-2024-46888
This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and achieve arbitrary code execution on the device. • https://cert-portal.siemens.com/productcert/html/ssa-915275.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11102 – SourceCodester Hospital Management System edit-doc.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11102
A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /vm/doctor/edit-doc.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. • https://drive.google.com/file/d/1Omjwoh6B2xh41c3Av0_VJsoR7tascb1_/view?usp=sharing https://github.com/Salah-Tayeh/CVEs-and-Vulnerabilities/blob/main/Hospital%20Management%20System%20-%20Stored%20XSS.md https://vuldb.com/?ctiid.283922 https://vuldb.com/?id.283922 https://vuldb.com/?submit.441694 https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-11079 – Ansible-core: unsafe tagging bypass via hostvars object in ansible-core
https://notcve.org/view.php?id=CVE-2024-11079
This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks. • https://access.redhat.com/security/cve/CVE-2024-11079 https://bugzilla.redhat.com/show_bug.cgi?id=2325171 • CWE-20: Improper Input Validation •