Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-15 CVE-2024-6398 Unspecified vulnerability in Skyhighsecurity Secure Web Gateway
An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios.
network
low complexity
skyhighsecurity
5.3
2024-07-15 CVE-2024-6741 Unspecified vulnerability in Openfind Mail2000 7.0/8.0
Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed.
network
low complexity
openfind
5.3
2024-07-15 CVE-2023-41916 Files or Directories Accessible to External Parties vulnerability in Apache Linkis 1.4.0/1.5.0
In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious MySQL JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading.
network
low complexity
apache CWE-552
6.5
2024-07-15 CVE-2024-6540 Unspecified vulnerability in Otrs
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers.
network
high complexity
otrs
5.3
2024-07-15 CVE-2024-6740 Cross-site Scripting vulnerability in Openfind Mail2000 7.0/8.0
Openfind's Mail2000 does not properly validate email attachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site Scripting attacks.
network
low complexity
openfind CWE-79
6.1
2024-07-15 CVE-2024-6072 Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Estore
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.
network
low complexity
tipsandtricks-hq CWE-79
6.1
2024-07-15 CVE-2024-6073 Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Estore
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin.
network
low complexity
tipsandtricks-hq CWE-79
6.1
2024-07-15 CVE-2024-6074 Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Estore
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin.
network
low complexity
tipsandtricks-hq CWE-79
6.1
2024-07-15 CVE-2024-6076 Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Estore
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin.
network
low complexity
tipsandtricks-hq CWE-79
6.1
2024-07-15 CVE-2024-6289 Open Redirect vulnerability in Wpserveur WPS Hide Login
The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
network
low complexity
wpserveur CWE-601
6.1