Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-22 | CVE-2024-38503 | Cross-site Scripting vulnerability in Apache Syncope When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”. Users are recommended to upgrade to version 3.0.8, which fixes this issue. | 5.4 |
| 2024-07-22 | CVE-2024-6542 | Unspecified vulnerability in Checkmk 2.0.0/2.1.0/2.2.0 Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution. | 6.5 |
| 2024-07-22 | CVE-2024-37245 | Cross-site Scripting vulnerability in Vsourz ALL in ONE Redirection Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vsourz Digital All In One Redirection allows Reflected XSS.This issue affects All In One Redirection: from n/a through 2.2.0. | 6.1 |
| 2024-07-22 | CVE-2024-37246 | Cross-site Scripting vulnerability in Gallery Slideshow Project Gallery Slideshow Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jethin Gallery Slideshow allows Stored XSS.This issue affects Gallery Slideshow: from n/a through 1.4.1. | 5.4 |
| 2024-07-22 | CVE-2024-37257 | Cross-site Scripting vulnerability in Permalink Manager Lite Project Permalink Manager Lite Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3.3. | 6.1 |
| 2024-07-22 | CVE-2024-37258 | Cross-site Scripting vulnerability in Wpsocialrocket Social Rocket Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Social Rocket allows Reflected XSS.This issue affects Social Rocket: from n/a through 1.3.3. | 6.1 |
| 2024-07-22 | CVE-2024-37259 | Cross-site Scripting vulnerability in Wpextended WP Extended Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through 2.4.7. | 6.1 |
| 2024-07-22 | CVE-2024-37261 | Cross-site Scripting vulnerability in Wplab Wp-Lister Lite for Amazon Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon allows Reflected XSS.This issue affects WP-Lister Lite for Amazon: from n/a through 2.6.16. | 6.1 |
| 2024-07-22 | CVE-2024-37262 | Cross-site Scripting vulnerability in Vcita Online Booking & Scheduling Calendar for Wordpress BY Vcita Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita allows Reflected XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.4.2. | 6.1 |
| 2024-07-22 | CVE-2024-37263 | Cross-site Scripting vulnerability in Themelooks Enter Addons Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeLooks Enter Addons enteraddons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.6. | 5.4 |