CVSS: -EPSS: 0%CPEs: -EXPL: 1CVE-2024-29375
https://notcve.org/view.php?id=CVE-2024-29375
CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name (inside Input Triangles) and Yield Curve Name parameters. • https://github.com/ismailcemunver/CVE-2024-29375 •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-29387
https://notcve.org/view.php?id=CVE-2024-29387
projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /view/print.php. Se descubrió que projeqtor hasta la versión 11.2.0 contiene una vulnerabilidad de ejecución remota de código (RCE) a través del componente /view/print.php. • https://cve.anas-cherni.me/2024/04/04/cve-2024-29387 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2024-20362
https://notcve.org/view.php?id=CVE-2024-20362
A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. ... A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbiz-rv-xss-OQeRTup • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-20334
https://notcve.org/view.php?id=CVE-2024-20334
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. ... A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tms-xss-kGw4DX9Y • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-20367
https://notcve.org/view.php?id=CVE-2024-20367
A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not properly validate user-supplied input. ... A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CSQxgxfM • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •