Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-25 | CVE-2024-45066 | Command Injection vulnerability in Doverfuelingsolutions products A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. | 9.8 |
| 2024-09-25 | CVE-2024-45373 | Unspecified vulnerability in Doverfuelingsolutions products Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator. | 8.8 |
| 2024-09-25 | CVE-2024-46610 | Unspecified vulnerability in Thecosy Icecms 1.0.0/2.0.1 An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java | 7.5 |
| 2024-09-25 | CVE-2024-46934 | Cross-site Scripting vulnerability in Rocket.Chat Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). | 6.1 |
| 2024-09-25 | CVE-2024-46935 | Unspecified vulnerability in Rocket.Chat Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). | 7.5 |
| 2024-09-25 | CVE-2024-47048 | Cross-site Scripting vulnerability in Rocket.Chat Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps. | 5.4 |
| 2024-09-25 | CVE-2024-7398 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. | 5.4 |
| 2024-09-25 | CVE-2024-8103 | Cross-site Scripting vulnerability in Gcsdesign WP Category Dropdown The WP Category Dropdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' parameter in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-25 | CVE-2024-8267 | The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute within the 'wp:radio-player' Gutenberg block in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-09-25 | CVE-2024-8291 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. | 4.8 |