Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-24 | CVE-2024-3264 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia Technology Inc. | 5.3 |
| 2024-06-24 | CVE-2024-4754 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Stored XSS.This issue affects Business Process Manangement (BPM): from 6.6.4.4 before 6.6.4.5. | 5.4 |
| 2024-06-24 | CVE-2024-4499 | Cross-Site Request Forgery (CSRF) vulnerability in Lollms 9.6 A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. | 6.3 |
| 2024-06-23 | CVE-2024-6273 | Cross-site Scripting vulnerability in Oretnom23 Clinic Queuing System 1.0 A vulnerability was found in SourceCodester Clinic Queuing System 1.0. | 6.1 |
| 2024-06-23 | CVE-2024-6267 | Cross-site Scripting vulnerability in Oretnom23 Service Provider Management System 1.0 A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. | 4.8 |
| 2024-06-22 | CVE-2024-6251 | Cross-site Scripting vulnerability in Playsms 1.4.3 A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. | 6.1 |
| 2024-06-22 | CVE-2024-6252 | Cross-site Scripting vulnerability in Skycaiji A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic. | 6.1 |
| 2024-06-22 | CVE-2024-38379 | Cross-site Scripting vulnerability in Apache Allura Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users are recommended to upgrade to version 1.17.1, which fixes the issue. | 4.8 |
| 2024-06-22 | CVE-2024-3593 | Cross-Site Request Forgery (CSRF) vulnerability in Sevenspark Ubermenu 3.8.3 The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. | 5.4 |
| 2024-06-22 | CVE-2024-5596 | The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. network low complexity | 6.3 |