| 2024-06-17 | CVE-2024-37625 | Cross-site Scripting vulnerability in Zhimengzhel Ibarn 1.5
zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /index.php. | 6.1 |
| 2024-06-17 | CVE-2024-5741 | Cross-site Scripting vulnerability in Checkmk
Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL) | 5.4 |
| 2024-06-17 | CVE-2024-6044 | Certain models of D-Link wireless routers have a path traversal vulnerability. | 6.5 |
| 2024-06-16 | CVE-2023-27636 | Cross-site Scripting vulnerability in Progress Sitefinity
Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor. | 5.4 |
| 2024-06-16 | CVE-2024-38465 | Information Exposure Through Discrepancy vulnerability in Guoxinled Synthesis Image System
Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error. | 5.3 |
| 2024-06-16 | CVE-2024-38454 | Cross-site Scripting vulnerability in Expressionengine
ExpressionEngine before 7.4.11 allows XSS. | 6.1 |
| 2024-06-16 | CVE-2024-38460 | Information Exposure Through Log Files vulnerability in Sonarsource Sonarqube
In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs, etc). | 6.5 |
| 2024-06-16 | CVE-2024-36397 | Cross-site Scripting vulnerability in Vantiva Mediaaccess Dga2232 Firmware
Vantiva - MediaAccess DGA2232 v19.4 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 6.1 |
| 2024-06-15 | CVE-2024-5611 | The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘label_years’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-06-15 | CVE-2024-2695 | The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius' and 'timestamp'. | 6.4 |