Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-22 | CVE-2024-6120 | Missing Authorization vulnerability in Wpneuron Sparkle Demo Importer The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. | 6.5 |
| 2024-06-21 | CVE-2023-39517 | Cross-site Scripting vulnerability in Joplin Project Joplin Joplin is a free, open source note taking and to-do application. | 5.4 |
| 2024-06-21 | CVE-2024-37671 | Cross-site Scripting vulnerability in Tessi Docubase 5.0 Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the page parameter. | 5.4 |
| 2024-06-21 | CVE-2024-37672 | Cross-site Scripting vulnerability in Tessi Docubase 5.0 Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the idactivity parameter. | 5.4 |
| 2024-06-21 | CVE-2024-37673 | Cross-site Scripting vulnerability in Tessi Docubase 5.0 Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename parameter. | 5.4 |
| 2024-06-21 | CVE-2024-37675 | Cross-site Scripting vulnerability in Tessi Docubase 5.0 Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded file. | 5.4 |
| 2024-06-21 | CVE-2022-38055 | Cross-site Scripting vulnerability in Gvectors Wpforo Forum Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through 2.0.9. | 5.4 |
| 2024-06-21 | CVE-2022-44593 | Insufficient Verification of Data Authenticity vulnerability in Solidwp Solid Security Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue affects Solid Security: from n/a through 9.3.1. | 5.3 |
| 2024-06-21 | CVE-2024-35781 | Path Traversal vulnerability in Back2Nature Word Balloon Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YAHMAN Word Balloon allows PHP Local File Inclusion.This issue affects Word Balloon: from n/a through 4.21.1. | 6.5 |
| 2024-06-21 | CVE-2024-35757 | Cross-site Scripting vulnerability in 5Starplugins Easy AGE Verify Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 5 Star Plugins Easy Age Verify allows Stored XSS.This issue affects Easy Age Verify: from n/a through 1.8.2. | 4.8 |