Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-17 | CVE-2023-43971 | Cross-site Scripting vulnerability in Lizhipay Acg-Faka 1.1.7 Cross Site Scripting vulnerability in ACG-faka v1.1.7 allows a remote attacker to execute arbitrary code via the encode parameter in Index.php. | 6.1 |
| 2024-07-17 | CVE-2024-39124 | Cross-site Scripting vulnerability in Roundup-Tracker Roundup In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS. | 5.4 |
| 2024-07-17 | CVE-2024-39125 | Cross-site Scripting vulnerability in Roundup-Tracker Roundup Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header. | 5.4 |
| 2024-07-17 | CVE-2024-39126 | Cross-site Scripting vulnerability in Roundup-Tracker Roundup Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents. | 5.4 |
| 2024-07-17 | CVE-2023-52291 | Command Injection vulnerability in Apache Streampark In streampark, the project module integrates Maven's compilation capabilities. | 4.7 |
| 2024-07-17 | CVE-2024-29737 | Command Injection vulnerability in Apache Streampark In streampark, the project module integrates Maven's compilation capabilities. | 4.7 |
| 2024-07-17 | CVE-2024-31979 | Server-Side Request Forgery (SSRF) vulnerability in Apache Streampipes Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. | 4.3 |
| 2024-07-17 | CVE-2024-40617 | Path Traversal vulnerability in Fujitsu Network Edgiot Gw1500 Firmware Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS). | 6.5 |
| 2024-07-17 | CVE-2024-39863 | Cross-site Scripting vulnerability in Apache Airflow Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. | 5.4 |
| 2024-07-17 | CVE-2024-5582 | Cross-site Scripting vulnerability in Magazine3 Schema & Structured Data for WP & AMP The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and including, 1.33 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |