Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-12 CVE-2024-37629 Cross-site Scripting vulnerability in Summernote 0.8.18
SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View Function.
network
low complexity
summernote CWE-79
6.1
2024-06-12 CVE-2024-5559 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Schneider-Electric Powerlogic P5 Firmware
CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially crafted reset token is entered into the front panel of the device.
low complexity
schneider-electric CWE-327
6.8
2024-06-12 CVE-2024-22855 Cross-site Scripting vulnerability in Itss Imlog
A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter.
network
low complexity
itss CWE-79
6.1
2024-06-12 CVE-2024-37878 Cross-site Scripting vulnerability in Twcms 2.0.3
Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote attacker to execute arbitrary code via /TWCMS-gh-pages/twcms/runtime/twcms_view/default,index.htm.php, where PHP directly echoes parameters input from external sources.
network
low complexity
twcms CWE-79
6.1
2024-06-12 CVE-2024-5557 Information Exposure Through Log Files vulnerability in Schneider-Electric Spacelogic As-B Firmware and Spacelogic As-P Firmware
CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs.
low complexity
schneider-electric CWE-532
4.5
2024-06-12 CVE-2024-5558 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Schneider-Electric Spacelogic As-B Firmware and Spacelogic As-P Firmware
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account.
local
high complexity
schneider-electric CWE-367
6.4
2024-06-12 CVE-2024-5905 Unspecified vulnerability in Paloaltonetworks Cortex XDR Agent 7.9.0/7.9.101
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent.
local
low complexity
paloaltonetworks
4.4
2024-06-12 CVE-2024-5906 Cross-site Scripting vulnerability in Paloaltonetworks Prisma Cloud
A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute.
network
low complexity
paloaltonetworks CWE-79
4.8
2024-06-12 CVE-2024-5909 Improper Privilege Management vulnerability in Paloaltonetworks Cortex XDR Agent
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent.
local
low complexity
paloaltonetworks CWE-269
5.5
2024-06-12 CVE-2024-1891 Cross-site Scripting vulnerability in Tenable Security Center 6.3.0
A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page.
network
low complexity
tenable CWE-79
5.4