CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-11489 – 115cms file.html cross site scripting
https://notcve.org/view.php?id=CVE-2024-11489
A vulnerability was found in 115cms up to 20240807. It has been classified as problematic. Affected is an unknown function of the file /index.php/admin/web/file.html. The manipulation of the argument ks leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/Hebing123/cve/issues/70 https://vuldb.com/?ctiid.285504 https://vuldb.com/?id.285504 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-11488 – 115cms web_user.html cross site scripting
https://notcve.org/view.php?id=CVE-2024-11488
A vulnerability was found in 115cms up to 20240807 and classified as problematic. This issue affects some unknown processing of the file /app/admin/view/web_user.html. The manipulation of the argument ks leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hebing123/cve/issues/70 https://vuldb.com/?ctiid.285503 https://vuldb.com/?id.285503 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10094
https://notcve.org/view.php?id=CVE-2024-10094
Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code Las versiones 6.x a Infinity 24.1.1 de Pega Platform se ven afectadas por un problema con el control inadecuado de la generación de código • https://support.pega.com/support-doc/pega-security-advisory-d24-vulnerability-remediation-note • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10382 – Arbitrary Code execution in Car App Android Jetpack Library
https://notcve.org/view.php?id=CVE-2024-10382
In combination with other gadgets, this can lead to arbitrary code execution. ... This can lead to arbitrary code execution when combined with specific Java deserialization gadgets. • https://developer.android.com/jetpack/androidx/releases/car-app#1.7.0-beta03 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52488 – AccessPress Staple <= 1.9.1 and Grip <= 1.0.9 - Authenticated (Subscriber+) Arbitrary Plugin Activation and Deactivation
https://notcve.org/view.php?id=CVE-2024-52488
This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate or deactivate arbitrary plugins, which may make arbitrary code execution possible. • CWE-862: Missing Authorization •