Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-09-19 CVE-2024-8850 Cross-site Scripting vulnerability in Ibericode Mailchimp
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as {email} is used for the field in versions 4.9.9 to 4.9.16 due to insufficient input sanitization and output escaping.
network
low complexity
ibericode CWE-79
6.1
2024-09-18 CVE-2021-27917 Cross-site Scripting vulnerability in Acquia Mautic
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
network
low complexity
acquia CWE-79
5.4
2024-09-18 CVE-2024-46372 Cross-site Scripting vulnerability in Dedecms 5.7.115
DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module.
network
low complexity
dedecms CWE-79
6.1
2024-09-18 CVE-2024-47050 Cross-site Scripting vulnerability in Acquia Mautic
Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
network
low complexity
acquia CWE-79
6.1
2024-09-18 CVE-2024-47058 Cross-site Scripting vulnerability in Acquia Mautic
With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the HTML field.
network
low complexity
acquia CWE-79
4.8
2024-09-18 CVE-2024-43024 Cross-site Scripting vulnerability in RWS Multitrans
Multiple stored cross-site scripting (XSS) vulnerabilities in RWS MultiTrans v7.0.23324.2 and earlier allow attackers to execute arbitrary web scripts or HTML via a crafted payload.
network
low complexity
rws CWE-79
6.1
2024-09-18 CVE-2024-43025 Cross-site Scripting vulnerability in RWS Multitrans
An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent e-mail.
network
low complexity
rws CWE-79
6.1
2024-09-18 CVE-2024-34057 Classic Buffer Overflow vulnerability in multiple products
Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages.
network
low complexity
trianglemicroworks siemens CWE-120
7.5
2024-09-18 CVE-2024-8287 Improper Certificate Validation vulnerability in Canonical Anbox Cloud
Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent.
high complexity
canonical CWE-295
7.5
2024-09-18 CVE-2024-46978 Unspecified vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki
6.5