CVSS: 5.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-30979
https://notcve.org/view.php?id=CVE-2024-30979
Cross Site Scripting vulnerability in Cyber Cafe Management System 1.0 allows a remote attacker to execute arbitrary code via the compname parameter in edit-computer-details.php. • https://medium.com/%40shanunirwan/cve-2024-30979-stored-cross-site-scripting-xss-in-cyber-cafe-management-system-project-ccms-1-44b10f50817b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30987
https://notcve.org/view.php?id=CVE-2024-30987
Cross Site Scripting vulnerability in /bwdates-reports-ds.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the fromdate and todate parameters. • https://medium.com/%40shanunirwan/cve-2024-30987-multiple-stored-cross-site-scripting-vulnerabilities-in-client-management-system-b6a7a177d254 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3849 – Click to Chat – HoliThemes <= 3.35 - Authenticated (Contributor+) Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-3849
This makes it possible for authenticated attackers, with contributor access or above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://plugins.trac.wordpress.org/browser/click-to-chat-for-whatsapp/tags/3.35/new/admin/admin_demo/class-ht-ctc-admin-demo.php#L280 https://plugins.trac.wordpress.org/browser/click-to-chat-for-whatsapp/tags/3.35/new/inc/chat/class-ht-ctc-chat-shortcode.php#L207 https://plugins.trac.wordpress.org/browser/click-to-chat-for-whatsapp/tags/3.35/new/inc/chat/class-ht-ctc-chat.php#L291 https://plugins.trac.wordpress.org/browser/click-to-chat-for-whatsapp/tags/3.35/new/inc/group • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-30989
https://notcve.org/view.php?id=CVE-2024-30989
Cross Site Scripting vulnerability in /edit-client-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code via the "cname", "comname", "state" and "city" parameter. • https://medium.com/%40shanunirwan/cve-2024-30989-multiple-stored-cross-site-scripting-vulnerabilities-in-client-management-system-3cfa1c54e4a6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3812 – Salient Core <= 2.0.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode
https://notcve.org/view.php?id=CVE-2024-3812
This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. • https://themeforest.net/item/salient-responsive-multipurpose-theme/4363266 https://www.wordfence.com/threat-intel/vulnerabilities/id/ebd3b70e-a06a-4dcc-a6af-dbe64fd57c82?source=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •