Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-22 | CVE-2024-41825 | Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab | 5.4 |
| 2024-07-22 | CVE-2024-41826 | Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page | 4.8 |
| 2024-07-22 | CVE-2024-41828 | Unspecified vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time | 6.5 |
| 2024-07-22 | CVE-2024-38723 | Server-Side Request Forgery (SSRF) vulnerability in Json-Content-Importer Json Content Importer Server-Side Request Forgery (SSRF) vulnerability in Bernhard Kux JSON Content Importer.This issue affects JSON Content Importer: from n/a through 1.5.6. | 6.4 |
| 2024-07-22 | CVE-2024-38728 | Server-Side Request Forgery (SSRF) vulnerability in S-Sols Seraphinite Post .Docx Source Server-Side Request Forgery (SSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9. | 6.4 |
| 2024-07-22 | CVE-2024-38730 | Server-Side Request Forgery (SSRF) vulnerability in Wpthemespace Magical Addons for Elementor Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor.This issue affects Magical Addons For Elementor: from n/a through 1.1.41. | 6.4 |
| 2024-07-22 | CVE-2024-33933 | Cross-site Scripting vulnerability in Brainstormforce Elementor - Header, Footer & Blocks Template Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force, Nikhil Chavan Elementor – Header, Footer & Blocks Template allows DOM-Based XSS.This issue affects Elementor – Header, Footer & Blocks Template: from n/a through 1.6.35. | 5.4 |
| 2024-07-22 | CVE-2024-34457 | Authorization Bypass Through User-Controlled Key vulnerability in Apache Streampark On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4 | 6.5 |
| 2024-07-22 | CVE-2024-35656 | Cross-site Scripting vulnerability in Elementor PRO 3.0.5/3.11.6/3.11.7 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elementor Elementor Pro allows Reflected XSS.This issue affects Elementor Pro: from n/a through 3.21.2. | 6.1 |
| 2024-07-22 | CVE-2024-37097 | Cross-site Scripting vulnerability in Unitedthemes Shortcodes Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UnitedThemes Shortcodes by United Themes allows Reflected XSS.This issue affects Shortcodes by United Themes: from n/a before 5.0.5. | 6.1 |