CVE-2024-7657 – Gila CMS HTTP POST Request page cross site scripting
https://notcve.org/view.php?id=CVE-2024-7657
A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/update_rows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely.
• https://vuldb.com/?ctiid.274114 https://vuldb.com/?id.274114 https://vuldb.com/?submit.384630
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-7551 – juzaweb CMS Theme Editor default path traversal
https://notcve.org/view.php?id=CVE-2024-7551
A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as problematic. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor. The manipulation leads to path traversal. It is possible to launch the attack remotely.
• https://github.com/DeepMountains/Mirage/blob/main/CVE9-1.md https://vuldb.com/?ctiid.273696 https://vuldb.com/?id.273696 https://vuldb.com/?submit.381444
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-7300 – Bolt CMS Showcase Creation showcases cross site scripting
https://notcve.org/view.php?id=CVE-2024-7300
A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Affected is an unknown function of the file /bolt/editcontent/showcases of the component Showcase Creation Handler. The manipulation of the argument textarea leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
• https://vuldb.com/?ctiid.273168 https://vuldb.com/?id.273168 https://vuldb.com/?submit.380678
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-7299 – Bolt CMS Entry Preview page cross site scripting
https://notcve.org/view.php?id=CVE-2024-7299
A vulnerability was found in Bolt CMS 3.7.1. It has been rated as problematic. This issue affects some unknown processing of the file /preview/page of the component Entry Preview Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely.
• https://vuldb.com/?ctiid.273167 https://vuldb.com/?id.273167 https://vuldb.com/?submit.379971
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-7106 – Spina CMS media_folders cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-7106
A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/media_folders. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/topsky979/Security-Collections/blob/main/cve3/README.md https://vuldb.com/?ctiid.272431 https://vuldb.com/?id.272431 https://vuldb.com/?submit.376769
• CWE-352: Cross-Site Request Forgery (CSRF)