CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47093 – Fix various XSS issues and potential RCE
https://notcve.org/view.php?id=CVE-2024-47093
Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS • https://github.com/NagVis/nagvis/commit/30e71e8167d17a1828e7da71d6942f6fb36478cd https://github.com/NagVis/nagvis/commit/b5b1164007439de526df7d54d5c02d7732ba1c42 https://www.nagvis.org/downloads/changelog/1.9.42 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12783 – itsourcecode Vehicle Management System billaction.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-12783
A vulnerability was found in itsourcecode Vehicle Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /billaction.php. The manipulation of the argument extra-cost leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/FinleyTang/Vehicle-Management-System/blob/main/Vehicle%20Management%20System%20billaction.php%20has%20Cross-site%20Scripting%20(XSS).pdf https://itsourcecode.com https://vuldb.com/?ctiid.288959 https://vuldb.com/?id.288959 https://vuldb.com/?submit.462628 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12820
https://notcve.org/view.php?id=CVE-2020-12820
Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter. • https://fortiguard.fortinet.com/psirt/FG-IR-20-083 • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2020-12819
https://notcve.org/view.php?id=CVE-2020-12819
Arbitrary code execution may be theoretically possible, albeit practically very difficult to achieve in this context • https://fortiguard.com/advisory/FG-IR-20-082 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11157 – Rockwell Automation Third Party Vulnerability in Arena
https://notcve.org/view.php?id=CVE-2024-11157
If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html •