Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | ATTACK VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|
| 2025-01-26 | CVE-2023-50945 | IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user. | local | low | CWE-256 | 6.2 |
| 2025-01-26 | CVE-2023-50946 | IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism. | network | low | CWE-863 | 6.5 |
| 2025-01-26 | CVE-2024-31906 | IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system. | local | low | CWE-525 | 6.2 |
| 2025-01-26 | CVE-2024-12334 | Cross-site Scripting vulnerability in Codexpert WC Affiliate: The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. | network | low | codexpert CWE-79 | 6.1 |
| 2025-01-26 | CVE-2024-13505 | Cross-site Scripting vulnerability in Ays-Pro Survey Maker: The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ays_sections[5][questions][8][title]’ parameter in all versions up to, and including, 5.1.3.3 due to insufficient input sanitization and output escaping. | network | low | ays-pro CWE-79 | 4.8 |
| 2025-01-26 | CVE-2024-10636 | The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient input sanitization and output escaping. | network | low | CWE-79 | 6.1 |
| 2025-01-25 | CVE-2024-35144 | IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system. | network | low | CWE-540 | 5.3 |
| 2025-01-25 | CVE-2024-35145 | IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. | network | low | CWE-79 | 6.1 |
| 2025-01-25 | CVE-2024-35148 | IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. | network | low | CWE-89 | 6.3 |
| 2025-01-25 | CVE-2024-35150 | IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries. | network | low | CWE-117 | 5.3 |