CVSS: 7.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-44777 – vTiger CRM 7.4.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-44777
A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. vTiger CRM version 7.4.0 suffers from multiple reflective cross site scripting vulnerabilities. • http://vtiger.com https://packetstormsecurity.com/files/180462/vTiger-CRM-7.4.0-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-44778 – vTiger CRM 7.4.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-44778
A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. vTiger CRM version 7.4.0 suffers from multiple reflective cross site scripting vulnerabilities. • http://vtiger.com https://packetstormsecurity.com/files/180462/vTiger-CRM-7.4.0-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-44779 – vTiger CRM 7.4.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-44779
A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. vTiger CRM version 7.4.0 suffers from multiple reflective cross site scripting vulnerabilities. • http://vtiger.com https://packetstormsecurity.com/files/180462/vTiger-CRM-7.4.0-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8016 – The Events Calendar Pro <= 7.0.2 - Authenticated (Administrator+) PHP Object Injection to Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-8016
The additional presence of a POP chain allows attackers to execute code remotely. • https://theeventscalendar.com/blog/news/important-security-update-for-the-events-calendar-pro https://theeventscalendar.com/release-notes/events-calendar-pro/events-calendar-pro-7-0-2-1 https://www.wordfence.com/threat-intel/vulnerabilities/id/34f0e5a6-0bd3-4734-b7e0-27dc825d193f?source=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41361
https://notcve.org/view.php?id=CVE-2024-41361
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php • https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2398 • CWE-94: Improper Control of Generation of Code ('Code Injection') •