CVE-2024-12536 – SourceCodester Kortex Lite Advocate Office Management System client_data.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-12536
A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file /control/client_data.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
• https://vuldb.com/?ctiid.287912
• https://vuldb.com/?id.287912
• https://vuldb.com/?submit.461130
• https://www.sourcecodester.com
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-12503 – ClassCMS Model Management Page admin cross site scripting
https://notcve.org/view.php?id=CVE-2024-12503
A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Model Management Page. The manipulation of the argument URL leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/Jack-Black-13/blob/blob/main/classCMS_v4.8_model_xss.md
• https://vuldb.com/?ctiid.287875
• https://vuldb.com/?id.287875
• https://vuldb.com/?submit.461085
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-54810
https://notcve.org/view.php?id=CVE-2024-54810
A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul Pre-School Enrollment System Project v1.0, which allows remote attackers to execute arbitrary code via the mobileno parameter.
• https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Pre-School%20Enrollment/SQL%20Injection%20pre-school%20pa.pdf
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-12420 – WPMobile.App — Android and iOS Mobile Application <= 11.52 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-12420
The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. ... This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3207040%40wpappninja&new=3207040%40wpappninja&sfp_email=&sfph_mail=
• https://www.wordfence.com/threat-intel/vulnerabilities/id/3ad03e3f-fb3e-4a80-9eea-d24459ed62b8?source=cve
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-12421 – Coupon Affiliates – Affiliate Plugin for WooCommerce <= 5.16.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-12421
The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.16.7.1. ... This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. ... The Cross-Site Scripting was patched in version 5.16.7.1, while the arbitrary shortcode execution was patched in 5.16.7.2.
• https://plugins.trac.wordpress.org/browser/woo-coupon-usage/tags/5.16.7/inc/functions/functions-user-coupons.php#L491
• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3207070%40woo-coupon-usage&new=3207070%40woo-coupon-usage&sfp_email=&sfph_mail=#file7
• https://www.wordfence.com/threat-intel/vulnerabilities/id/66b669ce-142a-48b8-9adf-620657c2db74?source=cve
• CWE-94: Improper Control of Generation of Code ('Code Injection')