Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-22 | CVE-2024-6252 | Cross-site Scripting vulnerability in Skycaiji A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic. | 6.1 |
| 2024-06-22 | CVE-2024-38379 | Cross-site Scripting vulnerability in Apache Allura Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users are recommended to upgrade to version 1.17.1, which fixes the issue. | 4.8 |
| 2024-06-22 | CVE-2024-3593 | Cross-Site Request Forgery (CSRF) vulnerability in Sevenspark Ubermenu 3.8.3 The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. | 5.4 |
| 2024-06-22 | CVE-2024-5596 | The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. network low complexity | 6.3 |
| 2024-06-22 | CVE-2024-21515 | Cross-site Scripting vulnerability in Opencart 4.0.0.0/4.0.2.2 This affects versions of the package opencart/opencart from 4.0.0.0. | 4.7 |
| 2024-06-22 | CVE-2024-21516 | Cross-site Scripting vulnerability in Opencart This affects versions of the package opencart/opencart from 4.0.0.0. | 4.7 |
| 2024-06-22 | CVE-2024-21517 | Cross-site Scripting vulnerability in Opencart 4.0.0.0/4.0.2.2 This affects versions of the package opencart/opencart from 4.0.0.0. | 6.1 |
| 2024-06-22 | CVE-2024-4874 | Authorization Bypass Through User-Controlled Key vulnerability in Bricksbuilder Bricks The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. | 4.3 |
| 2024-06-22 | CVE-2024-5965 | Cross-site Scripting vulnerability in Wildweblab Mosaic The Mosaic theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-22 | CVE-2024-5966 | Cross-site Scripting vulnerability in Grey Opaque Project Grey Opaque The Grey Opaque theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Download-Button shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. | 5.4 |