CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11246 – code-projects Farmacia adicionar-cliente.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11246
A vulnerability, which was classified as problematic, was found in code-projects Farmacia 1.0. Affected is an unknown function of the file /adicionar-cliente.php. The manipulation of the argument nome/cpf/dataNascimento leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/curry136/cve/blob/main/xss8.md https://vuldb.com/?ctiid.284682 https://vuldb.com/?id.284682 https://vuldb.com/?submit.443189 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9839 – Uix Slideshow <= 1.6.5 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-9839
The The Uix Slideshow plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/uix-slideshow/trunk/includes/shortcodes.php#L26 https://wordpress.org/plugins/uix-slideshow/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/f189f606-ec30-4f5d-81c9-d526ba7141f0?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10262 – Drop Shadow Boxes <= 1.7.14 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-10262
The The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.14. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/drop-shadow-boxes/trunk/dropshadowboxes.php#L150 https://wordpress.org/plugins/drop-shadow-boxes/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/fa0a296a-a93f-4c0e-9911-b4f9bdd53fad?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11243 – code-projects Online Shop Store signup.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11243
A vulnerability classified as problematic has been found in code-projects Online Shop Store 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument m2 with the input <svg%20onload=alert(document.cookie)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/sh3rl0ckpggp/0day/blob/main/code-projects_online-shop_CrossSiteScripting.md https://vuldb.com/?ctiid.284679 https://vuldb.com/?id.284679 https://vuldb.com/?submit.442075 https://youtu.be/QThAqddl5Dk • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-11240 – IBPhoenix ibWebAdmin Banco de Dados Tab database.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11240
A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /database.php of the component Banco de Dados Tab. The manipulation of the argument db_login_role leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://docs.google.com/document/d/1_kk14QhqJuqMGzAD_SUlOSvCGwYdeF4gI8m7mVTPBAQ/edit?usp=sharing https://vuldb.com/?ctiid.284675 https://vuldb.com/?id.284675 https://vuldb.com/?submit.438471 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •