CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42771
https://notcve.org/view.php?id=CVE-2024-42771
A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "room_name" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Stored%20XSS%20-%20Edit%20Room.pdf https://www.kashipara.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45167
https://notcve.org/view.php?id=CVE-2024-45167
Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. • http://download.uci.de/idol2/idol2Client_2_12.exe https://uci.de/download/idol2-client.html https://uci.de/products/index.html https://www.syss.de/en/responsible-disclosure-policy https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-050.txt https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-051.txt • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-42769
https://notcve.org/view.php?id=CVE-2024-42769
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php " of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "user_fname" and "user_lname" parameters. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Reflected%20XSS%20-%20Sign%20UP.pdf https://www.kashipara.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-42767
https://notcve.org/view.php?id=CVE-2024-42767
Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. • https://cwe.mitre.org/data/definitions/434.html https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Unrestricted%20File%20Upload.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8480 – Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-8480
This makes it possible for authenticated attackers, with Contributor-level access and above, to exploit the 'sirv_upload_file_by_chunks_callback' function, which lacks proper file type validation, allowing attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/sirv/tags/7.2.7/sirv.php#L6331 https://plugins.trac.wordpress.org/browser/sirv/trunk/sirv.php?rev=3103410#L4647 https://plugins.trac.wordpress.org/changeset/3115018 https://www.wordfence.com/threat-intel/vulnerabilities/id/1e3e628f-b5e7-40fd-9d34-4a3b23e1e0e7?source=cve • CWE-862: Missing Authorization •