Vulnerability Summary for the Week of July 22, 2024 | CISA


1Panel-dev–KubePi
  KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string will be generated to overwrite the key in the configuration file when the key is detected to be empty in the configuration file reading logic, the key is empty during actual verification. Using an empty key to generate a JWT token can bypass the login verification and directly take over the back end. Version 1.8.0 contains a patch for this issue. 2024-07-25 6.3 CVE-2024-36111
security-advisories@github.com
  Absolute Security–Secure Access
  There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.07. Attackers with system administrator permissions can interfere with another system administrator’s use of the publishing UI when the administrators are editing the same management object. The scope is unchanged, there is no loss of confidentiality. Impact to system availability is none, impact to system integrity is high. 2024-07-25 4.5 CVE-2024-40873
SecurityResponse@netmotionsoftware.com
  Academy LMS–Academy LMS
  Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS. This issue affects Academy LMS: from n/a through 2.0.4. 2024-07-22 4.3 CVE-2024-38701
audit@patchstack.com
  Adobe–Adobe Experience Manager
  Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-07-23 5.4 CVE-2024-34128
psirt@adobe.com
  Adobe–Adobe Experience Manager
  Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. 2024-07-23 4.1 CVE-2024-41839
psirt@adobe.com
  Adobe–InDesign Desktop
  InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-07-23 5.5 CVE-2024-41836
psirt@adobe.com
  AF themes–WP Post Author
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in AF themes WP Post Author allows Stored XSS. This issue affects WP Post Author: from n/a through 3.6.7. 2024-07-22 5.4 CVE-2024-37101
audit@patchstack.com
  aguidrevitch–WP Meteor Website Speed Optimization Addon
  The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.3. This is due to the plugin utilizing wpdesk and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. 2024-07-24 5.3 CVE-2024-6553
security@wordfence.com
  Ali2Woo Team–Ali2Woo Lite
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS. This issue affects Ali2Woo Lite: from n/a through 3.3.5. 2024-07-22 6.1 CVE-2024-37211
audit@patchstack.com
  amans2k–Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells
  The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in all versions up to, and including, 3.4.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to update multiple settings, including templates, designs, checkouts, and other plugin settings. 2024-07-24 4.3 CVE-2024-6836
security@wordfence.com
  ampache–ampache
  Ampache, a web based audio/video streaming application and file manager, has a stored cross-site scripting (XSS) vulnerability in versions prior to 6.6.0. This vulnerability exists in the “Playlists – Democratic – Configure Democratic Playlist” feature. An attacker with Content Manager permissions can set the Name field to `<svg onload=alert(8)>`. When any administrator or user accesses the Democratic functionality, they will be affected by this stored XSS vulnerability. The attacker can exploit this vulnerability to obtain the cookies of any user or administrator who accesses the `democratic.php` file. Version 6.6.0 contains a patch for the issue. 2024-07-23 5.5 CVE-2024-41665
security-advisories@github.com
  Ankitects–Anki
  A vulnerability in the handling of LaTeX exists in Ankitects Anki 24.04. When LaTeX is sanitized to prevent unsafe commands, the verbatim package, which is installed by default in many LaTeX distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability. 2024-07-22 5.3 CVE-2024-29073
talos-cna@cisco.com
  aramex–Aramex Shipping WooCommerce
  The Aramex Shipping WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.21. This is due to the plugin not preventing direct access to the composer-setup.php file, which also has display_errors enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. 2024-07-27 5.3 CVE-2024-6566
security@wordfence.com
  argoproj–argo-cd
  Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a web-based terminal that allows users to get a shell inside a running pod, just as they would with kubectl exec. Starting in version 2.6.0, when the administrator enables this function and grants the user the permission `p, role:myrole, exec, create, */*, allow`, the user can still perform operations in the container even after this permission is revoked, as long as the user keeps the terminal view open. Although token expiration and user revocation have been fixed, that fix does not address the case where only the `p, role:myrole, exec, create, */*, allow` permission is revoked, which may still lead to the leakage of sensitive information. A patch for this vulnerability has been released in Argo CD versions 2.11.7, 2.10.16, and 2.9.21. 2024-07-24 4.7 CVE-2024-41666
security-advisories@github.com
  Atarim–Atarim
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Atarim allows Stored XSS. This issue affects Atarim: from n/a through 3.31. 2024-07-22 4.8 CVE-2024-37434
audit@patchstack.com
  athemes–aThemes Starter Sites
  The aThemes Starter Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.53 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-07-27 6.4 CVE-2024-6897
security@wordfence.com
  AuburnForest–Blogmentor – Blog Layouts for Elementor
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in AuburnForest Blogmentor – Blog Layouts for Elementor allows Stored XSS. This issue affects Blogmentor – Blog Layouts for Elementor: from n/a through 1.5. 2024-07-22 5.4 CVE-2024-37229
audit@patchstack.com
  Averta–Depicter Slider
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Stored XSS. This issue affects Depicter Slider: from n/a through 3.0.2. 2024-07-22 5.4 CVE-2024-37414
audit@patchstack.com
  Beaver Addons–PowerPack Lite for Beaver Builder
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Beaver Addons PowerPack Lite for Beaver Builder allows Stored XSS. This issue affects PowerPack Lite for Beaver Builder: from n/a through 1.3.0.4. 2024-07-22 5.4 CVE-2024-37409
audit@patchstack.com
  Bernhard Kux–JSON Content Importer
  Server-Side Request Forgery (SSRF) vulnerability in Bernhard Kux JSON Content Importer. This issue affects JSON Content Importer: from n/a through 1.5.6. 2024-07-22 6.4 CVE-2024-38723
audit@patchstack.com
  Biplob Adhikari–Accordions
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Biplob Adhikari Accordions allows Stored XSS. This issue affects Accordions: from n/a through 2.3.5. 2024-07-22 4.8 CVE-2024-37122
audit@patchstack.com
  Biplob Adhikari–Tabs
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Biplob Adhikari Tabs allows Stored XSS. This issue affects Tabs: from n/a through 4.0.6. 2024-07-22 4.8 CVE-2024-37120
audit@patchstack.com
  biplob018–Shortcode Addons
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in biplob018 Shortcode Addons allows Stored XSS. This issue affects Shortcode Addons: from n/a through 3.2.5. 2024-07-22 4.8 CVE-2024-37121
audit@patchstack.com
  bPlugins–Html5 Audio Player
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in bPlugins Html5 Audio Player allows Stored XSS. This issue affects Html5 Audio Player: from n/a through 2.2.23. 2024-07-22 5.4 CVE-2024-37445
audit@patchstack.com
  Brainstorm Force, Nikhil Chavan–Elementor – Header, Footer & Blocks Template
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Brainstorm Force, Nikhil Chavan Elementor – Header, Footer & Blocks Template allows DOM-Based XSS. This issue affects Elementor – Header, Footer & Blocks Template: from n/a through 1.6.35. 2024-07-22 5.4 CVE-2024-33933
audit@patchstack.com
  canonical–operator
  The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue is that ops passes the secret content as one of the arguments on the command line. This issue may affect any charm that uses Juju (>=3.0) and Juju secrets and does not correctly capture and process `subprocess.CalledProcessError`. This vulnerability is fixed in 2.15.0. 2024-07-22 4.4 CVE-2024-41129
security-advisories@github.com
  Canonical–snapd
  In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files (such as pipes or sockets etc). Various file entries within the snap squashfs image (such as icons etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained non-regular files at these paths could then cause snapd to block indefinitely trying to read from such files and cause a denial of service. 2024-07-25 5.8 CVE-2024-29068
security@ubuntu.com
  Canonical–snapd
  In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained symbolic links at these paths could then cause snapd to write out the contents of the symbolic link destination into a world-readable directory. This in turn could allow an unprivileged user to gain access to privileged information. 2024-07-25 4.8 CVE-2024-29069
security@ubuntu.com
  Canonical–snap
  In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the user’s PATH. An attacker who could convince a user to install a malicious snap which used the ‘home’ plug could use this vulnerability to install arbitrary scripts into the user’s PATH, which may then be run by the user outside of the expected snap sandbox and hence allow them to escape confinement. 2024-07-25 6.3 CVE-2024-1724
security@ubuntu.com
  Checkmk GmbH–Checkmk
  Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution. 2024-07-22 6.5 CVE-2024-6542
security@checkmk.com
  CodeRevolution–Aiomatic – Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit
  The AIomatic – Automatic AI Content Writer plugin for WordPress is vulnerable to arbitrary email sending in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the ‘aiomatic_send_email’ function, which is reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient. 2024-07-27 5.8 CVE-2024-5969
security@wordfence.com
  coffee2code–Add Admin CSS
  The Add Admin CSS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. 2024-07-27 5.3 CVE-2024-6547
security@wordfence.com
  coffee2code–Add Admin JavaScript
  The Add Admin JavaScript plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. 2024-07-27 5.3 CVE-2024-6548
security@wordfence.com
  coffee2code–Admin Post Navigation
  The Admin Post Navigation plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. 2024-07-27 5.3 CVE-2024-6549
security@wordfence.com
  coffee2code–Admin Trim Interface
  The Admin Trim Interface plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. 2024-07-27 5.3 CVE-2024-6545
security@wordfence.com
  coffee2code–One Click Close Comments
  The One Click Close Comments plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.7.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. 2024-07-27 5.3 CVE-2024-6546
security@wordfence.com
  Connectivity Standards Alliance–Matter
  An issue in the Certificate Authenticated Session Establishment (CASE) protocol for establishing secure sessions between two devices, as implemented in the Matter protocol versions before Matter 1.1 allows an attacker to replay manipulated CASE Sigma1 messages to make the device unresponsive until the device is power-cycled. 2024-07-24 6.5 CVE-2024-3297
cve-requests@bitdefender.com
  craftcms–cms
  Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim’s credentials. This has been patched in Craft 5.2.3. 2024-07-25 4.8 CVE-2024-41800
security-advisories@github.com
  creativeinteractivemedia–Transition Slider – Responsive Image Slider and Gallery
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in creativeinteractivemedia Transition Slider – Responsive Image Slider and Gallery allows Stored XSS. This issue affects Transition Slider – Responsive Image Slider and Gallery: from n/a through 2.20.3. 2024-07-22 5.4 CVE-2024-37215
audit@patchstack.com
  Dell–Dell Edge Gateway 3200
  Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege. 2024-07-24 5.7 CVE-2023-32466
security_alert@emc.com
  Dell–Dell Edge Gateway 5200
  Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds read vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability to read contents of stack memory and use this information for further exploits. 2024-07-24 6 CVE-2023-32471
security_alert@emc.com
  dotCMS–dotCMS core
  The “reset password” login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true&resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com%22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E This will result in a view along these lines: * OWASP Top 10 – A03: Injection * CVSS Score: 5.4 * AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator * https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N&… https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator 2024-07-25 5.4 CVE-2024-3938
security@dotcms.com
  dotCMS–dotCMS core
  In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via the Direct Web Remoting API (UserSessionAjax.getSessionList.dwr) calls. While this is information that would and should be available to admins who possess “Sign In As” powers, admins who otherwise lack this privilege would still be able to utilize the session IDs to imitate other users. While this is a very small attack vector that requires very high permissions to execute, its danger lies principally in obfuscating attribution; all Sign In As operations are attributed appropriately in the log files, and a malicious administrator could use this information to render their dealings untraceable – including those admins who have not been granted this ability – such as by using a session ID to generate an API token. Fixed in: 24.07.12 / 23.01.20 LTS / 23.10.24v13 LTS / 24.04.24v5 LTS 2024-07-26 4.9 CVE-2024-4447
security@dotcms.com
  Elastic–Elasticsearch
  An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessive logging. This issue only affects users that use Watcher and have a Watch defined that uses the search input and additionally have set the search input’s logger to DEBUG or finer, for example using: org.elasticsearch.xpack.watcher.input.search, org.elasticsearch.xpack.watcher.input, org.elasticsearch.xpack.watcher, or wider, since the loggers are hierarchical. 2024-07-26 5.2 CVE-2023-49921
bressers@elastic.co
  Elementor–Elementor Pro
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Elementor Elementor Pro allows Reflected XSS. This issue affects Elementor Pro: from n/a through 3.21.2. 2024-07-22 6.1 CVE-2024-35656
audit@patchstack.com
  Enalean–tuleap
  Tuleap is an open source suite to improve management of software development and collaboration. Prior to Tuleap Community Edition 15.10.99.128 and Tuleap Enterprise Edition 15.10-6 and 15.9-8, the checkbox “Apply same permissions to all sub-items of this folder” in the document manager permissions modal is not taken into account and is always considered unchecked. In situations where permissions are being restricted, some users might incorrectly keep the ability to edit or manage items. Only changes made via the web UI are affected; changes made directly via the REST API are not impacted. This vulnerability is fixed in Tuleap Community Edition 15.10.99.128 and Tuleap Enterprise Edition 15.10-6 and 15.9-8. 2024-07-22 4.8 CVE-2024-39902
security-advisories@github.com
  EverPress–Mailster
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in EverPress Mailster allows Reflected XSS. This issue affects Mailster: from n/a through 4.0.9. 2024-07-22 6.1 CVE-2024-37433
audit@patchstack.com
  FishAudio–Bert-VITS2
  Bert-VITS2 is the VITS2 backbone with multilingual BERT. User input supplied to the data_dir variable is concatenated with other folders and used to open a new file in the generate_config function, which leads to a limited file write. The issue allows writing a /config/config.json file into an arbitrary directory on the server. If a given directory path doesn’t exist, the application returns an error, so this vulnerability could also be used to gain information about existing directories on the server. This affects fishaudio/Bert-VITS2 2.3 and earlier. 2024-07-22 6.5 CVE-2024-39688
security-advisories@github.com
  ForIP Tecnologia–Administração PABX
  A vulnerability classified as critical has been found in ForIP Tecnologia Administração PABX 1.x. Affected is an unknown function of the file /detalheIdUra of the component Lista Ura Page. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272430 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-07-25 6.3 CVE-2024-7105
cna@vuldb.com
  ggerganov–llama.cpp
  llama.cpp provides LLM inference in C/C++. Prior to b3427, llama.cpp contains a null pointer dereference in gguf_init_from_file. This vulnerability is fixed in b3427. 2024-07-22 5.4 CVE-2024-41130
security-advisories@github.com
  GitLab–GitLab
  An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles. 2024-07-24 4.4 CVE-2024-5067
cve@gitlab.com
  GitLab–GitLab
  An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level. 2024-07-25 4.3 CVE-2024-7057
cve@gitlab.com
  GitLab–GitLab
  An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where it was possible to disclose limited information of an exported group or project to another user. 2024-07-24 4.1 CVE-2024-7091
cve@gitlab.com
  Groundhogg–Groundhogg
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Groundhogg Inc. Groundhogg allows Reflected XSS. This issue affects Groundhogg: from n/a through 3.4.2.3. 2024-07-22 6.1 CVE-2024-37264
audit@patchstack.com
  Hamid Alinia – idehweb–Login with phone number
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Hamid Alinia – idehweb Login with phone number allows Stored XSS. This issue affects Login with phone number: from n/a through 1.7.35. 2024-07-22 4.8 CVE-2024-37429
audit@patchstack.com
  Hewlett Packard Enterprise–HPE Aruba Networking EdgeConnect SD-WAN Orchestrator
  A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. 2024-07-24 6.1 CVE-2024-22444
security-alert@hpe.com
  HMS Industrial Networks–Anybus-CompactCom 30
  HMS Industrial Networks Anybus-CompactCom 30 products are vulnerable to an XSS attack caused by the lack of input sanitization checks. As a consequence, it is possible to insert HTML code into input fields and store it. The stored HTML code will be embedded in the page and executed by the host browser the next time the page is loaded, enabling social engineering attacks. 2024-07-25 6.3 CVE-2024-6558
ics-cert@hq.dhs.gov
  Huawei–HarmonyOS
  Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploitation of this vulnerability will affect availability. 2024-07-25 5.5 CVE-2024-39670
psirt@huawei.com
  Huawei–HarmonyOS
  Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. 2024-07-25 5.5 CVE-2024-39671
psirt@huawei.com
  Huawei–HarmonyOS
  Plaintext vulnerability in the Gallery search module. Impact: Successful exploitation of this vulnerability will affect availability. 2024-07-25 5.5 CVE-2024-39674
psirt@huawei.com
  Huawei–HarmonyOS
  Privilege escalation vulnerability in the NMS module. Impact: Successful exploitation of this vulnerability will affect availability. 2024-07-25 5.5 CVE-2023-7271
psirt@huawei.com
  IBM–InfoSphere Information Server
  IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719. 2024-07-26 6 CVE-2024-40689
psirt@us.ibm.com
  IBM–Security Directory Integrator
  IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645. 2024-07-25 6.8 CVE-2024-28772
psirt@us.ibm.com
  IBM–Security Directory Integrator
  IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 use insufficient session expiration, which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565. 2024-07-25 5.3 CVE-2022-32759
psirt@us.ibm.com
  ignitionwp–IgnitionDeck Crowdfunding Platform
  The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.9.8. This is due to missing capability checks on various functions called via AJAX actions in the ~/classes/class-idf-wizard.php file. This makes it possible for authenticated attackers, with subscriber access or higher, to execute various AJAX actions. This includes actions to change the permalink structure, plugin settings and others. 2024-07-27 5.4 CVE-2024-4410
security@wordfence.com
  J.N. Breetvelt a.k.a. OpaJaap–WP Photo Album Plus
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in J.N. Breetvelt a.k.a. OpaJaap WP Photo Album Plus allows Reflected XSS. This issue affects WP Photo Album Plus: from n/a through 8.8.00.002. 2024-07-22 6.1 CVE-2024-37416
audit@patchstack.com
  JetBrains–TeamCity
  In JetBrains TeamCity before 2024.07, parameters of the “password” type could leak into the build log in some specific cases. 2024-07-22 6.4 CVE-2024-41824
cve@jetbrains.com
  JetBrains–TeamCity
  In JetBrains TeamCity before 2024.07, stored XSS was possible on the Code Inspection tab. 2024-07-22 4.6 CVE-2024-41825
cve@jetbrains.com
  Jethin–Gallery Slideshow
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Jethin Gallery Slideshow allows Stored XSS. This issue affects Gallery Slideshow: from n/a through 1.4.1. 2024-07-22 5.4 CVE-2024-37246
audit@patchstack.com
  kaptinlin–Striking
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in kaptinlin Striking allows Reflected XSS. This issue affects Striking: from n/a through 2.3.4. 2024-07-22 6.1 CVE-2024-37267
audit@patchstack.com
  Kriesi.At–Enfold
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Kriesi.At Enfold allows Reflected XSS. This issue affects Enfold: from n/a through 5.6.9. 2024-07-22 6.1 CVE-2024-37199
audit@patchstack.com
  litespeedtech–LiteSpeed Cache
  The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the token setting and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-07-24 6.1 CVE-2024-3246
security@wordfence.com
  Maciej Bis–Permalink Manager Lite
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS. This issue affects Permalink Manager Lite: from n/a through 2.4.3.3. 2024-07-22 6.1 CVE-2024-37257
audit@patchstack.com
  Martin Gibson–IdeaPush
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Martin Gibson IdeaPush allows Stored XSS. This issue affects IdeaPush: from n/a through 8.60. 2024-07-22 5.4 CVE-2024-37265
audit@patchstack.com
  Mayur Somani, threeroutes media–Elegant Themes Icons
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Mayur Somani, threeroutes media Elegant Themes Icons allows Stored XSS. This issue affects Elegant Themes Icons: from n/a through 1.3. 2024-07-22 5.4 CVE-2024-37100
audit@patchstack.com
  MD-MAFUJUL-HASAN–Online-Payroll-Management-System
  A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. It has been declared as critical. This vulnerability affects unknown code of the file /designation_viewmore.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-272446 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-07-26 6.3 CVE-2024-7115
cna@vuldb.com
  MD-MAFUJUL-HASAN–Online-Payroll-Management-System
  A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. It has been rated as critical. This issue affects some unknown processing of the file /branch_viewmore.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The associated identifier of this vulnerability is VDB-272447. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-07-26 6.3 CVE-2024-7116
cna@vuldb.com
  MD-MAFUJUL-HASAN–Online-Payroll-Management-System
  A vulnerability classified as critical has been found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected is an unknown function of the file /shift_viewmore.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-272448. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-07-26 6.3 CVE-2024-7117
cna@vuldb.com
  MD-MAFUJUL-HASAN–Online-Payroll-Management-System
  A vulnerability classified as critical was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected by this vulnerability is an unknown functionality of the file /department_viewmore.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The identifier VDB-272449 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-07-26 6.3 CVE-2024-7118
cna@vuldb.com
  MD-MAFUJUL-HASAN–Online-Payroll-Management-System
  A vulnerability, which was classified as critical, has been found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected by this issue is some unknown functionality of the file /employee_viewmore.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-272450 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-07-26 6.3 CVE-2024-7119
cna@vuldb.com
  Michael Bester–Kimili Flash Embed
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Michael Bester Kimili Flash Embed allows Stored XSS. This issue affects Kimili Flash Embed: from n/a through 2.5.3. 2024-07-22 5.4 CVE-2024-37221
audit@patchstack.com
  Microsoft–Microsoft Edge (Chromium-based)
  Microsoft Edge (Chromium-based) Information Disclosure Vulnerability 2024-07-25 5.9 CVE-2024-38103
secure@microsoft.com
  mohammed_kaludi–AMP for WP Accelerated Mobile Pages
  The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.96.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-07-24 6.4 CVE-2024-6896
security@wordfence.com
  Netgear–WN604
  A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-07-27 5.3 CVE-2024-7153
cna@vuldb.com
  NextScripts–NextScripts
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NextScripts allows Reflected XSS. This issue affects NextScripts: from n/a through 4.4.6. 2024-07-22 6.1 CVE-2024-37275
audit@patchstack.com
  NI–LabVIEW
  An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop. Successful exploitation requires an attacker to provide a user with a specially crafted TDMS file. This vulnerability affects LabVIEW 2024 Q1 and prior versions. 2024-07-22 5.5 CVE-2024-6638
security@ni.com
  NI–SystemLink Server
  An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service. 2024-07-22 5.5 CVE-2024-6122
security@ni.com
  Nicdark–Restaurant Reservations
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Nicdark Restaurant Reservations allows Stored XSS. This issue affects Restaurant Reservations: from n/a through 2.0. 2024-07-22 5.4 CVE-2024-37223
audit@patchstack.com
  Ninja Team–Ninja Beaver Add-ons for Beaver Builder
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Ninja Team Ninja Beaver Add-ons for Beaver Builder allows Stored XSS. This issue affects Ninja Beaver Add-ons for Beaver Builder: from n/a through 2.4.5. 2024-07-22 5.4 CVE-2024-37244
audit@patchstack.com
  nitesh_singh–Ultimate WordPress Auction Plugin
  The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized email creation and sending due to a missing capability check on the ‘send_auction_email_callback’ and ‘resend_auction_email_callback’ functions in all versions up to, and including, 4.2.6. This makes it possible for unauthenticated attackers to craft emails that include links and send to any email address. 2024-07-27 5.8 CVE-2024-6591
security@wordfence.com
  Noor alam–Magical Addons For Elementor
  Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor. This issue affects Magical Addons For Elementor: from n/a through 1.1.41. 2024-07-22 4.9 CVE-2024-38730
audit@patchstack.com
  Octopus Deploy–Octopus Server
  In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text. 2024-07-25 6.5 CVE-2024-6972
security@octopus.com
  openedx–edx-platform
  The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available when the uploader uses versions master, palm, olive, nutmeg, maple, lilac, koa, or juniper. The patch in commit cb729a3ced0404736dfa0ae768526c82b608657b ensures that cohorts data uploaded to AWS S3 buckets is written with a private ACL. Beyond patching, deployers should also ensure that existing cohorts uploads have a private ACL, or that other precautions are taken to avoid public access. 2024-07-25 5.3 CVE-2024-41806
security-advisories@github.com
  opf–openproject
  OpenProject is open source project management software. Prior to version 14.3.0, using a forged HOST header in the default configuration of packaged installations and using the “Login required” setting, an attacker could redirect to a remote host to initiate a phishing attack against an OpenProject user’s account. This vulnerability affects default packaged installation of OpenProject without any additional configuration or modules on Apache (such as mod_security, manually setting a host name, having a fallthrough VirtualHost). It might also affect other installations that did not take care to fix the HOST/X-Forwarded-Host headers. Version 14.3.0 includes stronger protections for the hostname from within the application using the HostAuthorization middleware of Rails to reject any requests with a host name that does not match the configured one. Also, all generated links by the application are now ensured to use the built-in hostname. Users who aren’t able to upgrade immediately may use mod_security for Apache2 or manually fix the Host and X-Forwarded-Host headers in their proxying application before reaching the application server of OpenProject. Alternatively, they can manually apply the patch to opt-in to host header protections in previous versions of OpenProject. 2024-07-25 4.7 CVE-2024-41801
security-advisories@github.com
  paritydiscounts–ParityPress Parity Pricing with Discount Rules
  The ParityPress – Parity Pricing with Discount Rules plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘Discount Text’ in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-07-27 5.5 CVE-2024-6661
security@wordfence.com
  PBN Hosting SL–Page Builder Sandwich – Front-End Page Builder
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in PBN Hosting SL Page Builder Sandwich – Front-End Page Builder allows Stored XSS. This issue affects Page Builder Sandwich – Front-End Page Builder: from n/a through 5.1.0. 2024-07-22 5.4 CVE-2024-37219
audit@patchstack.com
  piotnetdotcom–Piotnet Addons For Elementor
  The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.29 via the ‘pafe_posts_list’ function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and excerpts of future, draft, and pending blog posts. 2024-07-27 5.3 CVE-2024-5614
security@wordfence.com
  plugins360–All-in-One Video Gallery
  The All-in-One Video Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Video shortcode in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-07-24 6.4 CVE-2024-6629
security@wordfence.com
  Pratik Chaskar–Cards for Beaver Builder
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Pratik Chaskar Cards for Beaver Builder. This issue affects Cards for Beaver Builder: from n/a through 1.1.4. 2024-07-22 5.4 CVE-2024-37278
audit@patchstack.com
  ProWCPlugins–Empty Cart Button for WooCommerce
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ProWCPlugins Empty Cart Button for WooCommerce allows Stored XSS. This issue affects Empty Cart Button for WooCommerce: from n/a through 1.3.8. 2024-07-22 5.4 CVE-2024-37217
audit@patchstack.com
  Raisecom–MSG1200
  A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file list_base_config.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272451. 2024-07-26 6.3 CVE-2024-7120
cna@vuldb.com
  Rami Yushuvaev–Sketchfab Embed
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Rami Yushuvaev Sketchfab Embed allows Stored XSS. This issue affects Sketchfab Embed: from n/a through 1.5. 2024-07-22 5.4 CVE-2024-37216
audit@patchstack.com
  Red Hat–Red Hat OpenShift Container Platform 3.11
  A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user’s credentials. As a result, unauthenticated users can access this endpoint. 2024-07-24 6.5 CVE-2024-7079
secalert@redhat.com
  Red Hat–Red Hat OpenShift Container Platform 3.11
  A flaw was found in the Openshift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider (“openShiftAuth”) is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification. 2024-07-26 5.3 CVE-2024-7128
secalert@redhat.com
  robosoft–Photo Gallery, Images, Slider in Rbs Image Gallery
  The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery title field in all versions up to, and including, 3.2.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-07-24 5.4 CVE-2024-3896
security@wordfence.com
  Siemens–CPCI85 Central Processing/Communication
  A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). Affected devices allow a remote authenticated user or an unauthenticated user with physical access to downgrade the firmware of the device. This could allow an attacker to downgrade the device to older versions with known vulnerabilities. 2024-07-22 6.5 CVE-2024-39601
productcert@siemens.com
  sinatrateam–Sinatra
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in sinatrateam Sinatra allows Stored XSS. This issue affects Sinatra: from n/a through 1.3. 2024-07-22 5.4 CVE-2024-37116
audit@patchstack.com
  SixLabors–ImageSharp
  ImageSharp is a 2D graphics API. A vulnerability was discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9. 2024-07-22 5.3 CVE-2024-41132
security-advisories@github.com
  Social Rocket–Social Rocket
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Social Rocket allows Reflected XSS. This issue affects Social Rocket: from n/a through 1.3.3. 2024-07-22 6.1 CVE-2024-37258
audit@patchstack.com
  SourceCodester–Insurance Management System
  A vulnerability classified as problematic has been found in SourceCodester Insurance Management System 1.0. This affects an unknown part of the file /Script/admin/core/update_sub_category. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272349 was assigned to this vulnerability. 2024-07-24 4.6 CVE-2024-7068
cna@vuldb.com
  Spina–CMS
  A vulnerability was found in Spina CMS up to 2.18.0. It has been classified as problematic. Affected is an unknown function of the file /admin/pages/. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272346 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-07-24 4.3 CVE-2024-7065
cna@vuldb.com
  Spina–CMS
  A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/media_folders. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272431. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-07-25 4.3 CVE-2024-7106
cna@vuldb.com
  Takashi Matsuyama–My Favorites
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Takashi Matsuyama My Favorites allows Stored XSS. This issue affects My Favorites: from n/a through 1.4.1. 2024-07-22 5.4 CVE-2024-37114
audit@patchstack.com
  Team Emilia Projects–Progress Planner
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Team Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 0.9.2. 2024-07-22 5.4 CVE-2024-37422
audit@patchstack.com
  techjewel–Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
  The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-07-27 5.5 CVE-2024-6518
security@wordfence.com
  techjewel–Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
  The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-07-27 5.5 CVE-2024-6520
security@wordfence.com
  techjewel–Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
  The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-07-27 5.5 CVE-2024-6521
security@wordfence.com
  techjewel–Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
  The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ and ‘btn_txt’ parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for attackers with the Form Manager permissions and Subscriber+ user role, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-07-27 4.9 CVE-2024-6703
security@wordfence.com
  thehappymonster–Happy Addons for Elementor
  The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s PDF View widget in all versions up to, and including, 3.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-07-27 6.4 CVE-2024-6627
security@wordfence.com
  Theme4Press–Demo Awesome
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Theme4Press Demo Awesome allows Reflected XSS. This issue affects Demo Awesome: from n/a through 1.0.1. 2024-07-22 6.1 CVE-2024-37206
audit@patchstack.com
  ThemeGrill–Esteem
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ThemeGrill Esteem allows Stored XSS. This issue affects Esteem: from n/a through 1.5.0. 2024-07-22 6.1 CVE-2024-37432
audit@patchstack.com
  ThemeLooks–Enter Addons
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ThemeLooks Enter Addons enteraddons allows Stored XSS. This issue affects Enter Addons: from n/a through 2.1.6. 2024-07-22 5.4 CVE-2024-37263
audit@patchstack.com
  Themesgrove–WidgetKit
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Themesgrove WidgetKit allows Stored XSS. This issue affects WidgetKit: from n/a through 2.5.0. 2024-07-22 5.4 CVE-2024-37428
audit@patchstack.com
  themeum–Tutor LMS Migration Tool
  The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including private and password protected courses. 2024-07-27 5.3 CVE-2024-1798
security@wordfence.com
  themeum–Tutor LMS Migration Tool
  The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to import courses. 2024-07-27 4.3 CVE-2024-1804
security@wordfence.com
  thinkst–canarytokens
  Canarytokens help track activity and actions on a network. Prior to `sha-8ea5315`, Canarytokens.org was vulnerable to a blind SSRF in the Webhook alert feature. When a Canarytoken is created, users choose to receive alerts either via email or via a webhook. If a webhook is supplied when a Canarytoken is first created, the site will make a test request to the supplied URL to ensure it accepts alert notification HTTP requests. No safety checks were performed on the URL, leading to a Server-Side Request Forgery vulnerability. The SSRF is Blind because the content of the response is not displayed to the creating user; they are simply told whether an error occurred in making the test request. Using the Blind SSRF, it was possible to map out open ports for IPs inside the Canarytokens.org infrastructure. This issue is now patched on Canarytokens.org. Users of self-hosted Canarytokens installations can update by pulling the latest Docker image, or any Docker image after `sha-097d91a`. 2024-07-23 5.4 CVE-2024-41664
security-advisories@github.com
  Tianchoy–Blog
  A vulnerability was found in Tianchoy Blog up to 1.8.8. It has been classified as critical. This affects an unknown part of the file /so.php. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272445 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-07-26 6.3 CVE-2024-7114
cna@vuldb.com
  tomdude–Intelligence
  The Intelligence plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.0. This is due to the plugin not preventing direct access to the /vendor/levelten/intel/realtime/index.php file and display_errors being enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. 2024-07-27 5.3 CVE-2024-6573
security@wordfence.com
  TracksApp–tracks
  Tracks, a Getting Things Done (GTD) web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Reflected cross-site scripting enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. Tracks version 2.7.1 is patched. No known complete workarounds are available. 2024-07-26 6.1 CVE-2024-41805
security-advisories@github.com
  Uncanny Owl–Uncanny Automator Pro
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Uncanny Owl Uncanny Automator Pro allows Reflected XSS. This issue affects Uncanny Automator Pro: from n/a through 5.3. 2024-07-22 6.1 CVE-2024-37117
audit@patchstack.com
  UnitedThemes–Shortcodes by United Themes
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in UnitedThemes Shortcodes by United Themes allows Reflected XSS. This issue affects Shortcodes by United Themes: from n/a before 5.0.5. 2024-07-22 6.1 CVE-2024-37097
audit@patchstack.com
  vibhorchhabra–Campaign Monitor for WordPress
  The Campaign Monitor for WordPress plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.8.15. This is due to the plugin not properly restricting direct access to /forms/views/admin/create.php and display_errors being enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. 2024-07-27 5.3 CVE-2024-6569
security@wordfence.com
  Vsourz Digital–All In One Redirection
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Vsourz Digital All In One Redirection allows Reflected XSS. This issue affects All In One Redirection: from n/a through 2.2.0. 2024-07-22 6.1 CVE-2024-37245
audit@patchstack.com
  vue–vue
  A vulnerability has been discovered in Vue, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as `Object.prototype.staticClass` or `Object.prototype.staticStyle` to execute arbitrary JavaScript code. 2024-07-23 4.8 CVE-2024-6783
36c7be3b-2937-45df-85ea-ca7133ea542c
  wcproducttable–WooCommerce Product Table Lite
  The WooCommerce Product Table Lite plugin for WordPress is vulnerable to unauthorized post title modification due to a missing capability check on the wcpt_presets__duplicate_preset_to_table function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers with subscriber access and above to change titles of arbitrary posts. Missing sanitization can lead to Stored Cross-Site Scripting when viewed by an admin via the WooCommerce Product Table. 2024-07-27 6.4 CVE-2024-6458
security@wordfence.com
  wibergsweb–Master Currency WP
  The Master Currency WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s currencyconverterform shortcode in all versions up to, and including, 1.1.61 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-07-27 6.4 CVE-2024-6634
security@wordfence.com
  WordPress — WordPress
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita allows Reflected XSS. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.4.2. 2024-07-22 6.1 CVE-2024-37262
audit@patchstack.com
  WordPress — WordPress
  The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin’s Magazine Grid/Slider widget in all versions up to, and including, 1.3.980 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-07-24 5.4 CVE-2024-5818
security@wordfence.com
  WordPress — WordPress
  The Community Events WordPress plugin before 1.5 does not have a CSRF check in place when deleting events, which could allow attackers to make a logged-in admin delete arbitrary events via a CSRF attack. 2024-07-22 5.4 CVE-2024-6271
contact@wpscan.com
  WordPress — WordPress
  The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks. 2024-07-22 4.8 CVE-2024-5004
contact@wpscan.com
  WordPress — WordPress
  The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2024-07-22 4.8 CVE-2024-5529
contact@wpscan.com
  WordPress — WordPress
  The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled. 2024-07-22 4.8 CVE-2024-6243
contact@wpscan.com
  WP Extended — The Ultimate WordPress Toolkit – WP Extended
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS. This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through 2.4.7. 2024-07-22 6.1 CVE-2024-37259
audit@patchstack.com
  WP Lab — WP-Lister Lite for Amazon
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WP Lab WP-Lister Lite for Amazon allows Reflected XSS. This issue affects WP-Lister Lite for Amazon: from n/a through 2.6.16. 2024-07-22 6.1 CVE-2024-37261
audit@patchstack.com
  WP MEDIA SAS–Search & Replace
  Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace. This issue affects Search & Replace: from n/a through 3.2.2. 2024-07-22 5.4 CVE-2024-38759
audit@patchstack.com
  wpchill–Optimize Images ALT Text (alt tag) & names for SEO using AI
  The Optimize Images ALT Text (alt tag) & names for SEO using AI plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.1. This is due to the plugin utilizing cocur and not preventing direct access to the generate-default.php file. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. 2024-07-24 5.3 CVE-2024-6571
security@wordfence.com
  wpdevelop–WP Booking Calendar
  The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ attribute within the plugin’s bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-07-24 6.4 CVE-2024-6930
security@wordfence.com
  wpexpertsio–WP EasyPay Square for WordPress
  The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpep_square_disconnect() function in all versions up to, and including, 4.2.3. This makes it possible for unauthenticated attackers to disconnect Square. 2024-07-24 5.3 CVE-2024-5861
security@wordfence.com
  WPMU DEV — Branda
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPMU DEV Branda allows Stored XSS. This issue affects Branda: from n/a through 3.4.17. 2024-07-22 4.8 CVE-2024-37239
audit@patchstack.com
  WPWeb–Social Auto Poster
  The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.14. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options. 2024-07-24 6.3 CVE-2024-6751
security@wordfence.com
  WPWeb–Social Auto Poster
  The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_name’ parameter in the ‘wpw_auto_poster_map_wordpress_post_type’ AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-07-24 6.4 CVE-2024-6752
security@wordfence.com
  WPWeb–Social Auto Poster
  The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘wpw_auto_poster_quick_delete_multiple’ function in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to delete arbitrary posts. 2024-07-24 6.5 CVE-2024-6755
security@wordfence.com
  WPWeb–Social Auto Poster
  The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wpw_auto_poster_update_tweet_template’ function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary post metadata. 2024-07-24 5.4 CVE-2024-6754
security@wordfence.com
  Zyxel–WBE660S firmware
  The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device. 2024-07-23 6.5 CVE-2024-1575
security@zyxel.com.tw
  Michael Nelson — Print My Blog
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Michael Nelson Print My Blog allows Stored XSS. This issue affects Print My Blog: from n/a through 3.27.0. 2024-07-22 4.8 CVE-2024-37271
audit@patchstack.com
  N/A — N/A
  In SFTPGO 2.6.2, the JWT implementation lacks certain security measures, such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation mechanisms. 2024-07-22 5.3 CVE-2024-40430
cve@mitre.org
  N/A — N/A
  An issue in Huawei Technologies opengauss (openGauss 5.0.0 build) v.7.3.0 allows a local attacker to cause a denial of service via the modification of table attributes. 2024-07-24 5.5 CVE-2024-40575
cve@mitre.org
  N/A — N/A
  Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the “administer fields” permission. 2024-07-22 4.8 CVE-2024-41709
cve@mitre.org
  N/A — N/A
  SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files. 2024-07-26 5.8 CVE-2024-42007
cve@mitre.org
  N/A — N/A
  An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 2024-07-25 4.8 CVE-2024-41707
cve@mitre.org