CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2023-23021
https://notcve.org/view.php?id=CVE-2023-23021
Cross Site Scripting (XSS) vulnerability in sourcecodester oretnom23 pos point sale system 1.0, allows attackers to execute arbitrary code via the code, name, and description inputs in file Main.php. • https://gist.github.com/enferas/fe381bcc4a020f22cec31cb00e73f43c •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4406 – Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-4406
Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. ... An attacker can leverage this vulnerability to execute code in the context of the current user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://www.zerodayinitiative.com/advisories/ZDI-24-419 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-26322 – GetApps application has code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-26322
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://trust.mi.com/misrc/bulletins/advisory?cveId=542 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-33078
https://notcve.org/view.php?id=CVE-2024-33078
A user can send a crafted image to trigger a overflow leading to remote code execution. • https://github.com/HBLocker/CVE-2024-33078 • CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-33442
https://notcve.org/view.php?id=CVE-2024-33442
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component. • https://github.com/summerwayace/cms/blob/main/1.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •