CVE-2024-27288 – 1Panel open source panel project has an unauthorized vulnerability.
https://notcve.org/view.php?id=CVE-2024-27288
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp to obtain unauthorized access to the console page. The vulnerability has been fixed in v1.10.1-lts. There are no known workarounds. • https://github.com/1Panel-dev/1Panel/releases/tag/v1.10.1-lts https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-26w3-q4j8-4xjp • CWE-863: Incorrect Authorization •
CVE-2024-24841 – WordPress Add Customer for WooCommerce Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2024-24841
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan's Art Add Customer for WooCommerce allows Stored XSS. This issue affects Add Customer for WooCommerce: from n/a through 1.7. The Add Customer for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/add-customer-for-woocommerce/wordpress-add-customer-for-woocommerce-plugin-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-33663
https://notcve.org/view.php?id=CVE-2023-33663
In the module “Customization fields fee for your store” (aicustomfee) from ai-dev module for PrestaShop, an attacker can perform SQL injection up to 0.2.0. Release 0.2.1 fixed this security issue. • https://security.friendsofpresta.org/modules/2023/08/16/aicustomfee.html https://www.boutique.ai-dev.fr/en/customization/62-customization-fee.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-24804
https://notcve.org/view.php?id=CVE-2020-24804
Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs. • https://github.com/cms-dev/cms/issues/1160 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2023-33666
https://notcve.org/view.php?id=CVE-2023-33666
ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. • https://security.friendsofpresta.org/modules/2023/08/03/aioptimizedcombinations.html https://www.boutique.ai-dev.fr/en/ergonomie/59-optimized-combinations.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •