Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-21 | CVE-2024-5344 | Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘forgoturl’ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping. | 6.1 |
2024-06-21 | CVE-2024-6212 | SQL Injection vulnerability in Oretnom23 Simple Student Attendance System 1.0 A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. | 6.1 |
2024-06-20 | CVE-2024-38082 | Unspecified vulnerability in Microsoft Edge Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.7 |
2024-06-20 | CVE-2024-38093 | Unspecified vulnerability in Microsoft Edge Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.3 |
2024-06-20 | CVE-2024-6154 | Out-of-bounds Write vulnerability in Parallels Desktop Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. | 6.7 |
2024-06-20 | CVE-2024-37350 | Cross-site Scripting vulnerability in Absolute Secure Access There is a cross-site scripting vulnerability in the policy management UI of Absolute Secure Access prior to version 13.06. | 4.7 |
2024-06-20 | CVE-2024-37343 | Cross-site Scripting vulnerability in Absolute Secure Access There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06. Attackers with valid tunnel credentials can pass a limited-length script to the administrative console which is then temporarily stored where an administrator using a non-default configuration could click on it while the attacker has a valid tunnel session with the server. | 5.4 |
2024-06-20 | CVE-2024-37345 | Cross-site Scripting vulnerability in Absolute Secure Access There is a cross-site scripting vulnerability in the Secure Access administrative UI of Absolute Secure Access prior to version 13.06. Attackers can pass a limited-length script to the administrative UI which is then stored where an administrator can access it. | 5.4 |
2024-06-20 | CVE-2024-37346 | Unspecified vulnerability in Absolute Secure Access There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. | 4.9 |
2024-06-20 | CVE-2024-5156 | The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.18.7 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity | 6.4 |