Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-06 | CVE-2024-33978 | Cross-site Scripting vulnerability in Janobe Young Entrepreneur E-Negosyo System 1.0 Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. | 6.1 |
| 2024-08-06 | CVE-2024-33979 | Cross-site Scripting vulnerability in Janobe Credit Card, Debit Card Payment and Paypal Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. | 6.1 |
| 2024-08-06 | CVE-2024-33980 | Cross-site Scripting vulnerability in Janobe Credit Card, Debit Card Payment and Paypal Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. | 6.1 |
| 2024-08-06 | CVE-2024-33981 | Cross-site Scripting vulnerability in Janobe Credit Card, Debit Card Payment and Paypal Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. | 6.1 |
| 2024-08-06 | CVE-2024-7317 | The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. network low complexity | 6.4 |
| 2024-08-06 | CVE-2024-5708 | The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 7.7 due to insufficient input sanitization and output escaping. network low complexity | 6.4 |
| 2024-08-06 | CVE-2024-6200 | Cross-site Scripting vulnerability in Haloservicesolutions Haloitsm HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting (XSS) vulnerability. | 5.4 |
| 2024-08-06 | CVE-2024-6201 | Unspecified vulnerability in Haloservicesolutions Haloitsm 2.143.8/2.144/2.146 HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. | 5.3 |
| 2024-08-06 | CVE-2024-39817 | Unspecified vulnerability in Cybozu Office Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App. | 6.5 |
| 2024-08-06 | CVE-2024-7008 | Cross-site Scripting vulnerability in Calibre-Ebook Calibre Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting. | 6.1 |