Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-23 | CVE-2024-41849 | Unspecified vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. | 4.1 |
| 2024-08-23 | CVE-2024-41875 | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
| 2024-08-23 | CVE-2024-41876 | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 5.4 |
| 2024-08-23 | CVE-2024-41877 | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
| 2024-08-23 | CVE-2024-41878 | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. | 5.4 |
| 2024-08-23 | CVE-2024-42918 | Cross-site Scripting vulnerability in Adonesevangelista Online Accreditation Management System 1.0 itsourcecode Online Accreditation Management System contains a Cross Site Scripting vulnerability, which allows an attacker to execute arbitrary code via a crafted payload to the SCHOOLNAME, EMAILADDRES, CONTACTNO, COMPANYNAME and COMPANYCONTACTNO parameters in controller.php. | 5.4 |
| 2024-08-23 | CVE-2024-44387 | Out-of-bounds Write vulnerability in Tencacn Fh1206 Firmware 1.2.0.8(8155)En Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the functino formWrlExtraGet. | 6.5 |
| 2024-08-23 | CVE-2024-42364 | Authentication Bypass by Spoofing vulnerability in Gethomepage Homepage 0.9.1 Homepage is a highly customizable homepage with Docker and service API integrations. | 6.5 |
| 2024-08-23 | CVE-2024-38869 | Cross-site Scripting vulnerability in Zohocorp products Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25. | 5.4 |
| 2024-08-23 | CVE-2024-41150 | Cross-site Scripting vulnerability in Zohocorp products An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800. | 6.1 |