CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-33533
https://notcve.org/view.php?id=CVE-2024-33533
This vulnerability occurs due to inadequate input validation of the packages parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user's browser session. ... Subsequently, when another user visits the crafted URL, the malicious JavaScript code is executed. • https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.8#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P40#Security_Fixes •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43249 – WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-43249
The Bit Form Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/bitformpro/wordpress-bit-form-pro-plugin-2-6-4-authenticated-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-41651
https://notcve.org/view.php?id=CVE-2024-41651
An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. • https://github.com/Fckroun/CVE-2024-41651 https://github.com/Fckroun/CVE-2024-41651/tree/main • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-40500
https://notcve.org/view.php?id=CVE-2024-40500
Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component. • https://github.com/nitipoom-jar/CVE-2024-40500 https://nitipoom-jar.github.io/CVE-2024-40500 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-33536
https://notcve.org/view.php?id=CVE-2024-33536
The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user's browser session. ... Subsequently, when another user visits the crafted URL, the malicious JavaScript code is executed. • https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.8#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P40#Security_Fixes •