CVSS: 6.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-48954
https://notcve.org/view.php?id=CVE-2024-48954
Unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code execution. • https://docs.logpoint.com/docs/whats-new-in-logpoint/en/latest https://servicedesk.logpoint.com/hc/en-us/articles/21968851138461-Remote-Code-Execution-RCE-in-EventHub-Collector https://servicedesk.logpoint.com/hc/en-us/sections/7201103730845-Product-Security • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-46960
https://notcve.org/view.php?id=CVE-2024-46960
The ASD com.rocks.video.downloader (aka HD Video Downloader All Format) application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component. • https://github.com/actuator/com.rocks.video.downloader/blob/main/CVE-2024-46960 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-46961
https://notcve.org/view.php?id=CVE-2024-46961
The Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application through 1.3.5 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.privatebrowser.activity.PrivateMainActivity component. • https://github.com/actuator/com.downloader.privatebrowser/blob/main/CVE-2024-46961 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51757 – Fixes security vulnerability that allowed for server side code to be executed by a <script> tag
https://notcve.org/view.php?id=CVE-2024-51757
Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. • https://github.com/capricorn86/happy-dom/commit/5ee0b1676d4ce20cc2a70d1c9c8d6f1e3f57efac https://github.com/capricorn86/happy-dom/commit/d23834c232f1cf5519c9418b073f1dcec6b2f0fd https://github.com/capricorn86/happy-dom/issues/1585 https://github.com/capricorn86/happy-dom/pull/1586 https://github.com/capricorn86/happy-dom/releases/tag/v15.10.2 https://github.com/capricorn86/happy-dom/security/advisories/GHSA-96g7-g7g9-jxw8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-20540 – Cisco Unified Contact Center Management Portal Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2024-20540
An attacker could exploit this vulnerability by injecting malicious code into a specific page of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-sxss-qBTDBZDD • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •