Security Vulnerabilities - CVEs Published In November 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cool Plugins Web Stories Widgets For Elementor shortcodes-for-amp-web-stories-and-elementor-widget allows Stored XSS.This issue affects Web Stories Widgets For Elementor: from n/a through <= 1.1.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-11-11
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MiKa OSM osm.This issue affects OSM: from n/a through <= 6.1.2.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-11-11
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nrmendez CRM 2go crm2go allows DOM-Based XSS.This issue affects CRM 2go: from n/a through <= 1.0.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-11-11
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BU Web Team BU Slideshow bu-slideshow allows Stored XSS.This issue affects BU Slideshow: from n/a through <= 2.3.10.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-11-11
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in miloandrew Postcasa Shortcode postcasa allows DOM-Based XSS.This issue affects Postcasa Shortcode: from n/a through <= 1.0.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-11-11
Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server.
CVSS Score
9.8
EPSS Score
0.026
Published
2024-11-11
Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-11-11
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.
CVSS Score
9.8
EPSS Score
0.006
Published
2024-11-11
Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server.
CVSS Score
8.8
EPSS Score
0.021
Published
2024-11-11
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons the-pack-addon allows Stored XSS.This issue affects The Pack Elementor addons: from n/a through <= 2.1.0.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-11-11