CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-43425 – Moodle: remote code execution via calculated question types
https://notcve.org/view.php?id=CVE-2024-43425
A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions. • https://bugzilla.redhat.com/show_bug.cgi?id=2304253 https://moodle.org/mod/forum/discuss.php?d=461193 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-46960
https://notcve.org/view.php?id=CVE-2024-46960
The ASD com.rocks.video.downloader (aka HD Video Downloader All Format) application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component. • https://github.com/actuator/com.rocks.video.downloader/blob/main/CVE-2024-46960 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-46961
https://notcve.org/view.php?id=CVE-2024-46961
The Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application through 1.3.5 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.privatebrowser.activity.PrivateMainActivity component. • https://github.com/actuator/com.downloader.privatebrowser/blob/main/CVE-2024-46961 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51757 – Fixes security vulnerability that allowed for server side code to be executed by a <script> tag
https://notcve.org/view.php?id=CVE-2024-51757
happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.2. There are no known workarounds for this vulnerability. • https://github.com/capricorn86/happy-dom/commit/5ee0b1676d4ce20cc2a70d1c9c8d6f1e3f57efac https://github.com/capricorn86/happy-dom/commit/d23834c232f1cf5519c9418b073f1dcec6b2f0fd https://github.com/capricorn86/happy-dom/issues/1585 https://github.com/capricorn86/happy-dom/pull/1586 https://github.com/capricorn86/happy-dom/releases/tag/v15.10.2 https://github.com/capricorn86/happy-dom/security/advisories/GHSA-96g7-g7g9-jxw8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9934 – Wp-ImageZoom <= 1.1.0 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-9934
The Wp-ImageZoom WordPress plugin through 1.1.0 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin • https://wpscan.com/vulnerability/53e640a7-833e-40de-93d4-acea28aff5a5 •