Web Application Detections Published in June 2024
In June, the Qualys Web Application Scanning (WAS) team issued a critical security signatures update. This update expands the scope to detect vulnerabilities in several widely used software applications, including WordPress, Cacti, Apache HugeGraph-Server, Check Point Security Gateway, Casgate, PHP, Apache OFBiz, Progress Telerik Report Server, SolarWinds Serv-U, JetBrains TeamCity, OpenCMS and Apache ActiveMQ.
| QID | Title |
| 150911 | WordPress Bold Page Builder Plugin Vulnerable to Stored Cross-Site Scripting (CVE-2024-2735) |
| 150913 | WordPress Thim Elementor Kit Plugin: Stored Cross-Site Scripting(CVE-2024-4329) |
| 150914 | WordPress Spectra Pro Plugin: Privilege Escalation(CVE-2024-3828) |
| 150921 | WordPress Kognetiks Chatbot Plugin: Unautheticated Arbitrary File Upload(CVE-2024-4329) |
| 150923 | WordPress Plugin Hotel Booking Lite : PHP Object Injection (CVE-2024-4413) |
| 150924 | WordPress Plugin Unlimited Elements For Elementor: SQL Injection (CVE-2024-3055) |
| 150925 | WordPress Plugin Unlimited Elements For Elementor : Command Injection (CVE-2024-2662) |
| 150926 | WordPress LMS Plugin : Unauthenticated Time-Based SQL Injection (CVE-2024-4434) |
| 150927 | WordPress LMS Plugin: Arbitrary File Upload Vulnerability ( CVE-2024-4397) |
| 150932 | WordPress user_login Column SQL Truncation Vulnerability (CVE-2008-4106) |
| 150933 | Shortcodes WordPress Plugin Vulnerable Stored XSS (CVE-2024-2583) |
| 150943 | Cacti Command Injection Vulnerability (CVE-2024-29895) |
| 150944 | WordPress HTML5 Video Player Plugin: Unauthenticated SQL Injection Vulnerability (CVE-2024-1061) |
| 150945 | WordPress HTML5 Video Player Plugin: Unauthenticated SQL Injection Vulnerability (CVE-2024-5522) |
| 150946 | Apache HugeGraph-Server Command Execution Vulnerability (CVE-2024-27348) |
| 150947 | Check Point Security Gateway Information Disclosure Vulnerability (CVE-2024-24919) |
| 150948 | WordPress Business Card Plugin: Cross-Site Request Forgery Vulnerability (CVE-2024-4530) |
| 150949 | WordPress KKProgressbar2 Plugin: SQL Injection Vulnerability (CVE-2024-4533) |
| 150950 | WordPress Kognetiks Chatbot Plugin: Arbitrary File Upload Vulnerability (CVE-2024-32700) |
| 150952 | WordPress Contact Form Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-4709) |
| 150953 | Casgate Improper Authorization Vulnerability (CVE-2024-36108) |
| 150954 | PHP CGI Argument Injection Vulnerability (CVE-2024-4577) |
| 150956 | Apache OFBiz Path Traversal Vulnerability (CVE-2024-36104) |
| 150957 | WordPress Open Graph Plugin: Sensitive Information Exposure Vulnerability (CVE-2024-5615) |
| 150959 | WordPress Prime Slider Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-5640) |
| 150960 | WordPress Market Explorer Plugin: Unauthorized Loss of Data Vulnerability (CVE-2024-5637) |
| 150963 | WordPress Gamipress – Link Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-5536) |
| 150964 | SolarWinds Serv-U Directory Transversal Vulnerability (CVE-2024-28995) |
| 150965 | WordPress XStore Theme: SQL Injection Vulnerability (CVE-2024-33559) |
| 150966 | Progress Telerik Report Server Authentication Bypass Vulnerability (CVE-2024-4358) |
| 150967 | JetBrains TeamCity Multiple Cross-Site Scripting (XSS) Vulnerabilities |
| 150968 | JetBrains TeamCity Access Control Vulnerabilities (CVE-2024-36362, CVE-2024-36365) |
| 150969 | JetBrains TeamCity Stored Cross-Site Scripting (XSS) Vulnerability (CVE-2024-36371) |
| 150970 | JetBrains TeamCity Reflected Cross-Site Scripting (XSS) Vulnerability (CVE-2024-36372) |
| 150971 | JetBrains TeamCity Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities (CVE-2024-36373, CVE-2024-36374) |
| 150972 | JetBrains TeamCity User Permissions Vulnerabilities (CVE-2024-36376, CVE-2024-36377) |
| 150973 | JetBrains TeamCity Denial of Service (DoS) Vulnerability (CVE-2024-36378) |
| 150974 | JetBrains TeamCity Authentication Bypass Vulnerability (CVE-2024-36470) |
| 150975 | JetBrains TeamCity Improper Access Control Vulnerability (CVE-2024-36364) |
| 150976 | WordPress Master Addons Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-5542) |
| 150977 | WordPress Photo Gallery by 10Web Plugin: Path Traversal Vulnerability (CVE-2024-5481) |
| 150978 | WordPress WP-Recall Plugin: SQL Injection Vulnerability (CVE-2024-32709) |
| 150979 | JetBrains TeamCity Information Exposure Vulnerability (CVE-2024-36375) |
| 150984 | WordPress Custom Font Uploader Plugin: Unauthorized Loss of Data Vulnerability (CVE-2024-5489) |
| 150985 | WordPress Tutor LMS Plugin: Insecure Direct Object Reference(IDOR) Vulnerability (CVE-2024-5438) |
| 150987 | WordPress Dark Mode Plugin: Unauthorized modification of Data Vulnerability (CVE-2024-5449) |
| 150988 | WordPress Yoast SEO Plugin: Reflected Cross-Site Scripting (XSS) Vulnerability (CVE-2024-4041) |
| 150989 | WordPress ePoll Plugin: Arbitrary File Upload Vulnerability (CVE-2024-32514) |
| 150990 | OpenCMS Cross-Site Scripting (XSS) Vulnerabilities (CVE-2024-5520, CVE-2024-5521) |
| 150991 | Apache ActiveMQ Insecure Web API Configuration Vulnerability (CVE-2024-32114) |
QID 150911: WordPress Bold Page Builder Plugin Vulnerable to Stored Cross-Site Scripting (CVE-2024-2735)
| CVE-ID | CVE-2024-2735 |
| Severity | Level 3 |
| CVSS 3.1 | 6.4 |
| CWE-ID | 79 |
| Affected Versions | Bold Page Builder plugin before, and including 4.8.8 |
Description:
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross Site Scripting via the ‘Price List’ element in all versions due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Successful exploitation of this vulnerability makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Customers are advised to upgrade to Bold Page Builder Plugin 4.8.9 or a later version to remediate this vulnerability.
QID 150913: WordPress Thim Elementor Kit Plugin: Stored Cross-Site Scripting(CVE-2024-4329)
| CVE-ID | CVE-2024-4329 |
| Severity | Level 3 |
| CVSS 3.1 | 6.4 |
| CWE-ID | 79 |
| Affected Versions | WP Thim Elementor Kit plugin before 1.1.9.1 |
Description:
The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the “id” parameter in all versions up to and including 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Successful exploitation of this vulnerability makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Customers are advised to upgrade to WP Thim Elementor Kit Plugin 1.1.9.1 or a later version to remediate this vulnerability.
QID 150914: WordPress Spectra Pro Plugin: Privilege Escalation(CVE-2024-3828)
| CVE-ID | CVE-2024-3828 |
| Severity | Level 4 |
| CVSS 3.1 | 8.8 |
| CWE-ID | 269 |
| Affected Versions | WP Spectra Pro plugin before and, including 1.1.5 |
Description:
The Spectra Pro plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin allowing lower-privileged users to create registration forms and set the default role to administrator. Successful exploitation of this vulnerability makes it possible for lower-privileged users to create registration forms and set the default role to administrator.
Customers are advised to upgrade to WP Spectra Pro plugin 1.1.6 or a later version to remediate this vulnerability.
QID 150921: WordPress Kognetiks Chatbot Plugin: Unautheticated Arbitrary File Upload(CVE-2024-4329)
| CVE-ID | CVE-2024-4560 |
| Severity | Level 4 |
| CVSS 3.1 | 9.8 |
| CWE-ID | 434 |
| Affected Versions | WP Kognetiks Chatbot plugin before, and including 1.9.9 |
Description:
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the chatbot_chatgpt_upload_file_to_assistant function.
Successful exploitation of this vulnerability could allow an unauthenticated attacker to upload arbitrary files on the affected site’s server which may make remote code execution possible.
Customers are advised to upgrade to WP Kognetiks Chatbot plugin 2.0.0 or a later version to remediate this vulnerability.
QID 150923: WordPress Plugin Hotel Booking Lite : PHP Object Injection (CVE-2024-4413)
| CVE-ID | CVE-2024-4413 |
| Severity | Level 3 |
| CVSS 3.1 | 9.8 |
| CWE-ID | 502 |
| Affected Versions | WP Hotel Booking Lite plugin before and, including 4.11.1 |
Description:
The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Customers are advised to upgrade to WP Hotel Booking Lite plugin 4.11.2 or a later version to remediate this vulnerability.
QID 150924: WordPress Plugin Unlimited Elements For Elementor: SQL Injection (CVE-2024-3055)
| CVE-ID | CVE-2024-3055 |
| Severity | Level 4 |
| CVSS 3.1 | 8.8 |
| CWE-ID | 89 |
| Affected Versions | WP Unlimited Elements For Elementor plugin before, and including 1.5.102 |
Description:
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Customers are advised to upgrade to WP Unlimited Elements For Elementor plugin1.5.105 or a later version to remediate this vulnerability.
QID 150925: WordPress Plugin Unlimited Elements For Elementor : Command Injection (CVE-2024-2662)
| CVE-ID | CVE-2024-2662 |
| Severity | Level 3 |
| CVSS 3.1 | 7.2 |
| CWE-ID | 78 |
| Affected Versions | WP Unlimited Elements For Elementor plugin before, and including 1.5.102 |
Description:
The Unlimited Elements For Elementor (Free Widgets, Addons) plugin for WordPress is vulnerable to command injection. This is due to insufficient filtering of template attributes during the creation of HTML for custom widgets. This makes it possible for authenticated attackers, with administrator-level access and above, to execute arbitrary commands on the server. Successful exploitation of this vulnerability could allow authenticated attackers, with administrator-level access and above, to execute arbitrary commands on the server.
Customers are advised to upgrade to WP Unlimited Elements For Elementor plugin1.5.105 or a later version to remediate this vulnerability.
QID 150926 : WordPress LMS Plugin : Unauthenticated Time-Based SQL Injection (CVE-2024-4434)
| CVE-ID | CVE-2024-4434 |
| Severity | Level 4 |
| CVSS 3.1 | 9.8 |
| CWE-ID | 89 |
| Affected Versions | WP LearnPress plugin before, and including 4.2.6.5 |
Description:
The LearnPress WordPress LMS Plugin is vulnerable to time-based SQL Injection via the ‘term_id’ parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Successful exploitation of this vulnerability could allow unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Customers are advised to upgrade to WP Learnpress plugin 4.2.6.6 or a later version to remediate this vulnerability.
QID 150927: WordPress LMS Plugin: Arbitrary File Upload Vulnerability ( CVE-2024-4397)
| CVE-ID | CVE-2024-4397 |
| Severity | Level 4 |
| CVSS 3.1 | 8.8 |
| CWE-ID | 434 |
| Affected Versions | WordPress LMS Plugin before 4.2.6.6 |
Description:
The LearnPress WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘save_post_materials’ function. This makes it possible for authenticated attackers, with Instructor-level permissions and above, to upload arbitrary files on the affected site’s server, which may make remote code execution possible.
Successful exploitation of this vulnerability makes it possible for authenticated attackers, with Instructor-level permissions and above, to upload arbitrary files on the affected site’s server, which may make remote code execution possible.
Customers are advised to upgrade to LearnPress plugin 4.2.6.6 or a later version to remediate this vulnerability.
QID 150932: WordPress user_login Column SQL Truncation Vulnerability (CVE-2008-4106)
| CVE-ID | CVE-2008-4106 |
| Severity | Level 4 |
| CVSS 3.1 | 8.1 |
| CWE-ID | 20 |
| Affected Versions | WordPress prior to version 2.6.2 |
Description:
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user’s password to a random value by registering a similar username and then requesting a password reset, related to a “SQL column truncation vulnerability.”
Successful exploitation of this vulnerability makes it possible for remote attackers to change an arbitrary user’s password to a random value by registering a similar username and then requesting a password reset, related to a “SQL column truncation vulnerability.”
Customers are advised to upgrade to WordPress 2.6.2 or a later version to remediate this vulnerability. WordPress provides step-by-step instructions for installing and upgrading to the latest version.
QID 150933: Shortcodes WordPress Plugin Vulnerable Stored XSS (CVE-2024-2583)
| CVE-ID | CVE-2024-2583 |
| Severity | Level 3 |
| CVSS 3.1 | 6.4 |
| CWE-ID | 79 |
| Affected Versions | WP Shortcodes Ultimate plugin before 7.0.5 |
Description:
The WP Shortcodes Plugin Shortcodes Ultimate WordPress plugin does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks.
Successful exploitation of this vulnerability makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Customers are advised to upgrade to WP Shortcodes plugin 7.0.5 or a later version to remediate this vulnerability.
QID 150943: Cacti Command Injection Vulnerability (CVE-2024-29895)
| CVE-ID | CVE-2024-29895 |
| Severity | Level 5 |
| CVSS 3.1 | 10 |
| CWE-ID | 77 |
| Affected Versions | Cacti version 1.3.x DEV |
Description:
A command injection vulnerability allows any unauthenticated user to execute arbitrary command on the server when register_argc_argv option of PHP is On.
Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system.
Customers are advised to upgrade Cacti to the latest version to remediate this vulnerability. For more information regarding this vulnerability, please refer to the Cacti Security Advisory.
QID 150944: WordPress HTML5 Video Player Plugin: Unauthenticated SQL Injection Vulnerability (CVE-2024-1061)
| CVE-ID | CVE-2024-1061 |
| Severity | Level 5 |
| CVSS 3.1 | 9.8 |
| CWE-ID | 89 |
| Affected Versions | HTML5 Video Player prior to version 2.5.25 |
Description:
The ‘HTML5 Video Player’ WordPress Plugin is affected by an unauthenticated SQL injection vulnerability in the ‘id’ parameter in the ‘get_view’ function.
Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary SQL queries on the target system. Customers are advised to upgrade HTML5 Video Player to version 2.5.25 or later to remediate this vulnerability.
QID 150945: WordPress HTML5 Video Player Plugin: Unauthenticated SQL Injection Vulnerability (CVE-2024-5522)
| CVE-ID | CVE-2024-5522 |
| Severity | Level 5 |
| CVSS 3.1 | 10 |
| CWE-ID | 89 |
| Affected Versions | HTML5 Video Player prior to version 2.5.27 |
Description:
The plugin does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary SQL queries on the target system. Customers are advised to upgrade HTML5 Video Player to version 2.5.27 or later to remediate this vulnerability.
QID 150946: Apache HugeGraph-Server Command Execution Vulnerability (CVE-2024-27348)
| CVE-ID | CVE-2024-27348 |
| Severity | Level 5 |
| CVSS 3.1 | 10 |
| CWE-ID | 78 |
| Affected Versions | Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 and Java11 |
Description:
Apache HugeGraph is an easy-to-use, efficient, general-purpose open-source graph database system. Unauthenticated users can execute OS commands via Groovy injection in Apache HugeGraph-Server.
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the target system. Customers are advised to upgrade to Apache HugeGraph version 1.3.0 or later to remediate this vulnerability. For more information, please refer to the Security Advisory.
QID 150947: Check Point Security Gateway Information Disclosure Vulnerability (CVE-2024-24919)
| CVE-ID | CVE-2024-24919 |
| Severity | Level 4 |
| CVSS 3.1 | 8.6 |
| CWE-ID | 200 |
| Affected Versions | Check Point Security Gateway |
Description:
Check Point Security Gateway is a hardware or virtual appliance that enforces network security policies, including firewall, VPN, and intrusion prevention capabilities. The vulnerability allows an unauthenticated remote attacker to read the contents of an arbitrary file located on the affected appliance. The vulnerability allows an unauthenticated remote attacker to read the contents of an arbitrary file located on the affected appliance.
The vendor has released a patch addressing the vulnerability. Customers are advised to refer to the Check Point Security Advisory for more information regarding this vulnerability.
QID 150948: WordPress Business Card Plugin: Cross-Site Request Forgery Vulnerability (CVE-2024-4530)
| CVE-ID | CVE-2024-4530 |
| Severity | Level 4 |
| CVSS 3.1 | 8.8 |
| CWE-ID | 352 |
| Affected Versions | Business Card WordPress plugin, including 1.0.0 |
Description:
The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions, such as editing card categories via CSRF attacks.
Successful exploitation of this vulnerability makes it possible for attackers to make logged-in users perform unwanted actions, such as editing card categories via CSRF attacks.
QID 150949: WordPress KKProgressbar2 Plugin: SQL Injection Vulnerability (CVE-2024-4533)
| CVE-ID | CVE-2024-4533 |
| Severity | Level 4 |
| CVSS 3.1 | 9.8 |
| CWE-ID | 89 |
| Affected Versions | KKProgressbar2 WordPress plugin before, and including 1.1.4.2 |
Description:
The KKProgressbar2 Free WordPress plugin does not sanitize and escape a parameter before using it in an SQL statement, allowing admin users to perform SQL injection attacks.
Successful exploitation of this vulnerability makes it possible for authenticated attackers with admin-level permissions to perform SQL injection attacks.
QID 150950: WordPress Kognetiks Chatbot Plugin: Arbitrary File Upload Vulnerability (CVE-2024-32700)
| CVE-ID | CVE-2024-32700 |
| Severity | Level 4 |
| CVSS 3.1 | 10 |
| CWE-ID | 434 |
| Affected Versions | WP Kognetiks Chatbot plugin before, and including 2.0.0 |
Description:
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.
Successful exploitation of this vulnerability could allow an unauthenticated attacker to upload arbitrary files on the affected site’s server which may make remote code execution possible.
QID 150952: WordPress Contact Form Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-4709)
| CVE-ID | CVE-2024-4709 |
| Severity | Level 3 |
| CVSS 3.1 | 7.2 |
| CWE-ID | 79 |
| Affected Versions | WordPress Contact Form Plugin before, and including 5.1.16 |
Description:
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross Site Scripting via the ‘subject’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, and access granted by an administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Successful exploitation of this vulnerability makes it possible for authenticated attackers, with contributor-level permissions and above, and access granted by an administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Customers are advised to upgrade to WP Contact Form Plugin 5.1.17 or a later version to remediate this vulnerability.
QID 150953: Casgate Improper Authorization Vulnerability (CVE-2024-36108)
| CVE-ID | CVE-2024-36108 |
| Severity | Level 4 |
| CVSS 3.1 | 9.8 |
| CWE-ID | 285 |
| Affected Versions | Casgate before 0.1.0 |
Description:
Casgate is an Open Source Identity and Access Management system. In affected versions, `casgate` allows remote unauthenticated attackers to obtain sensitive information via GET request to an API endpoint. An attacker could use the `id` parameter of GET requests with the value `anonymous/ anonymous` to bypass authorization on certain API endpoints. Successful exploitation of the vulnerability could lead to account takeover, privilege escalation, or provide an attacker with credential to other services.
The vendor has released a patch addressing the vulnerability. Customers are advised to refer to Casgate Security Advisory for more information regarding this vulnerability.
QID 150954: PHP CGI Argument Injection Vulnerability (CVE-2024-4577)
| CVE-ID | CVE-2024-4577 |
| Severity | Level 5 |
| CVSS 3.1 | 9.8 |
| CWE-ID | 20 |
| Affected Versions | PHP 8.3 before 8.3.8 PHP 8.2 before 8.2.20 All Versions of PHP before 8.1.29 |
Description:
PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications.
While implementing PHP, it was not noticed that the Best-Fit feature of encoding conversion within the Windows operating system could be exploited. This oversight allows unauthenticated attackers to bypass the protection of CVE-2012-1823 using specific character sequences. As a result, arbitrary code can be executed on remote PHP servers through an argument injection attack.
A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server.
Customers are advised to upgrade to the PHP versions of 8.3.8, 8.2.20, 8.1.29, or the latest version of PHP.
QID 150956: Apache OFBiz Path Traversal Vulnerability (CVE-2024-36104)
| CVE-ID | CVE-2024-36104 |
| Severity | Level 5 |
| CVSS 3.1 | 8.6 |
| CWE-ID | 22 |
| Affected Versions | Apache OFBiz: before 18.12.14. |
Description:
Apache OFBiz is an open-source enterprise resource planning system. It provides a suite of enterprise applications that integrate and automate many of the business processes of an enterprise.
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Apache OFBiz. Successful exploitation of the vulnerability may allow remote attackers to read sensitive files on the target server. Also, path traversal can lead to a remote code execution vulnerability.
Customers are advised to upgrade Apache OFBiz to the latest version to remediate this vulnerability. For more information regarding this vulnerability, please refer to the Apache OFBiz Advisory.
QID 150957: WordPress Open Graph Plugin: Sensitive Information Exposure Vulnerability (CVE-2024-5615)
| CVE-ID | CVE-2024-5615 |
| Severity | Level 3 |
| CVSS 3.1 | 5.3 |
| CWE-ID | 200 |
| Affected Versions | WP Open Graph plugin before, and including 1.11.2 |
Description:
The Open Graph plugin for WordPress is vulnerable to Sensitive Information Exposure via the ‘opengraph_default_description’ function. This makes it possible for unauthenticated attackers to extract sensitive data including partial content of password-protected blog posts.
Successful exploitation of this vulnerability could allow unauthenticated attackers to extract sensitive data, including partial content of password-protected blog posts. Customers are advised to upgrade to WP Open Graph plugin 1.11.3 or a later version to remediate this vulnerability.
QID 150959: WordPress Prime Slider Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-5640)
| CVE-ID | CVE-2024-5640 |
| Severity | Level 3 |
| CVSS 3.1 | 6.4 |
| CWE-ID | 79 |
| Affected Versions | WP Prime Slider plugin before, and including 3.14.7 |
Description:
The Prime Slider Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross Site Scripting via the ‘id’ attribute within the Pacific widget due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Successful exploitation of this vulnerability could allow authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Customers are advised to upgrade to WP Prime Slider 3.14.8 or a later version to remediate this vulnerability.
QID 150960: WordPress Market Explorer Plugin: Unauthorized Loss of Data Vulnerability (CVE-2024-5637)
| CVE-ID | CVE-2024-5637 |
| Severity | Level 4 |
| CVSS 3.1 | 8.1 |
| CWE-ID | 22 |
| Affected Versions | WP Market Exporter plugin before, and including 2.0.19 |
Description:
The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘remove_files’ function. This makes it possible for authenticated attackers, with Subscriber level access and above, to use path traversal to delete arbitrary files on the server.
Successful exploitation of this vulnerability could allow authenticated attackers, with Subscriber-level access and above, to use path traversal to delete arbitrary files on the server. Customers are advised to upgrade to WP Market Exporter 2.0.20 or a later version to remediate this vulnerability.
QID 150963: WordPress Gamipress – Link Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-5536)
| CVE-ID | CVE-2024-5536 |
| Severity | Level 3 |
| CVSS 3.1 | 5.4 |
| CWE-ID | 79 |
| Affected Versions | WP GamiPress plugin before, and including 1.1.4 |
Description:
The GamiPress – Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s gamipress_link shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Successful exploitation of this vulnerability could allow authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Customers are advised to upgrade to WP GamiPress 1.1.5 or a later version to remediate this vulnerability.
QID 150964: SolarWinds Serv-U Directory Transversal Vulnerability (CVE-2024-28995)
| CVE-ID | CVE-2024-28995 |
| Severity | Level 4 |
| CVSS 3.1 | 7.5 |
| CWE-ID | 22 |
| Affected Versions | SolarWinds Serv-U 15.4.2 HF1 and earlier |
Description:
SolarWinds Serv-U Managed File Transfer Server is a versatile, easy-to-deploy solution that integrates well into existing infrastructure. It allows us to meet all our compliance requirements and ensures peace of mind for file transfers. SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. Successful exploitation of this vulnerability may allow remote attackers access to read sensitive files on the host machine.
Customers are advised to upgrade to SolarWinds Serv-U 15.4.2 HF 2 or later. For more information, please refer to the Serv-U 15.4.2 Security Advisory.
QID 150965: WordPress XStore Theme: SQL Injection Vulnerability (CVE-2024-33559)
| CVE-ID | CVE-2024-33559 |
| Severity | Level 4 |
| CVSS 3.1 | 9.3 |
| CWE-ID | 89 |
| Affected Versions | WordPress XStore theme before 9.3.9 |
Description:
The XStore WordPress theme is a versatile and feature-rich WooCommerce theme designed for creating highly customizable eCommerce websites. Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in 8theme XStore allows SQL Injection.
Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary SQL queries on the target system.
Customers are advised to upgrade to XStore Theme 9.3.4 or a later version to remediate this vulnerability.
QID 150966: Progress Telerik Report Server Authentication Bypass Vulnerability (CVE-2024-4358)
| CVE-ID | CVE-2024-4358 |
| Severity | Level 4 |
| CVSS 3.1 | 9.8 |
| CWE-ID | 290 |
| Affected Versions | Telerik Report Server 2024 Q1 (10.0.24.305) and earlier |
Description:
Telerik Report Server can be used as a report management solution or integrated easily with your application. Telerik Report Server contains a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions and gain access to Telerik Report Server restricted functionality.
Successful exploitation allows an unauthenticated, remote attacker to bypass security restrictions and gain access to Telerik Report Server restricted functionality. Customers are advised to upgrade to Telerik Report Server version 2024 Q2 (10.1.24.514) or later versions to remediate this vulnerability. For more information, please refer to Telerik Report Server.
QID 150967: JetBrains TeamCity Multiple Cross-Site Scripting (XSS) Vulnerabilities
| CVE-ID | CVE-2024-36363, CVE-2024-36366, CVE-2024-36367, CVE-2024-36368, CVE-2024-36369, CVE-2024-36370 |
| Severity | Level 3 |
| CVSS 3.1 | 5.4 |
| CWE-ID | 79 |
| Affected Versions | JetBrains TeamCity prior to version 2022.04.7 JetBrains TeamCity prior to version 2022.10.6 JetBrains TeamCity prior to version 2023.05.6 JetBrains TeamCity prior to version 2023.11.5 |
Description:
TeamCity is a general-purpose CI/CD software platform that allows for flexible workflows, collaboration, and development practices.
JetBrains TeamCity is affected by Multiple Cross-Site Scripting (XSS) Vulnerabilities:
CVE-2024-36363: Several Stored XSS in code inspection reports were possible.
CVE-2024-36366: An XSS could be executed via certain report grouping and filtering operations.
CVE-2024-36367: Stored XSS via third-party reports was possible.
CVE-2024-36368: Reflected XSS via OAuth provider configuration was possible.
CVE-2024-36369: Stored XSS via issue tracker integration was possible.
CVE-2024-36370: Stored XSS via OAuth connection settings was possible.
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary HTML and JavaScript code into a user’s browser. Customers are advised to upgrade TeamCity to the latest version to remediate this vulnerability. For more information, please refer to the JetBrains Security Bulletin.
QID 150968: JetBrains TeamCity Access Control Vulnerabilities (CVE-2024-36362, CVE-2024-36365)
| CVE-ID | CVE-2024-36362, CVE-2024-36365 |
| Severity | Level 3 |
| CVSS 3.1 | 6.8 |
| CWE-ID | 23 ,863 |
| Affected Versions | JetBrains TeamCity prior to version 2022.04.7 JetBrains TeamCity prior to version 2022.10.6 JetBrains TeamCity prior to version 2023.05.6 JetBrains TeamCity prior to version 2023.11.5 JetBrains TeamCity prior to version 2024.03.2 |
Description:
TeamCity is a general-purpose CI/CD software platform that allows for flexible workflows, collaboration, and development practices.
JetBrains TeamCity is affected by Multiple Vulnerabilities:
CVE-2024-36362: Path traversal allowing to read files from the server was possible.
CVE-2024-36365: A third-party agent could impersonate a cloud agent.
Successful exploitation of these vulnerabilities could compromise the Confidentiality and Integrity of the target system. Customers are advised to upgrade TeamCity to the latest version to remediate this vulnerability. For more information, please refer to the JetBrains Security Bulletin.
QID 150969: JetBrains TeamCity Stored Cross-Site Scripting (XSS) Vulnerability (CVE-2024-36371)
| CVE-ID | CVE-2024-36371 |
| Severity | Level 3 |
| CVSS 3.1 | 4.6 |
| CWE-ID | 79 |
| Affected Versions | JetBrains TeamCity prior to version 2023.05.6 JetBrains TeamCity prior to version 2023.11.5 |
Description:
TeamCity is a general-purpose CI/CD software platform that allows for flexible workflows, collaboration, and development practices.
JetBrains TeamCity is affected by a Stored Cross-Site Scripting (XSS) Vulnerability:
CVE-2024-36371: Stored XSS in Commit status publisher was possible.
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary HTML and JavaScript code into a user’s browser. Customers are advised to upgrade TeamCity to the latest version to remediate this vulnerability. For more information, please refer to the JetBrains Security Bulletin.
QID 150970: JetBrains TeamCity Reflected Cross-Site Scripting (XSS) Vulnerability (CVE-2024-36372)
| CVE-ID | CVE-2024-36372 |
| Severity | Level 3 |
| CVSS 3.1 | 4.6 |
| CWE-ID | 79 |
| Affected Versions | JetBrains TeamCity prior to version 2023.05.6 |
Description:
TeamCity is a general-purpose CI/CD software platform that allows for flexible workflows, collaboration, and development practices.
JetBrains TeamCity is affected by a Reflected Cross-Site Scripting (XSS) Vulnerability:
CVE-2024-36372: Reflected XSS on the subscriptions page was possible.
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary HTML and JavaScript code into a user’s browser. Customers are advised to upgrade TeamCity to the latest version to remediate this vulnerability. For more information, please refer to the JetBrains Security Bulletin.
QID 150971: JetBrains TeamCity Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities (CVE-2024-36373, CVE-2024-36374)
| CVE-ID | CVE-2024-36373, CVE-2024-36374 |
| Severity | Level 3 |
| CVSS 3.1 | 4.6 |
| CWE-ID | 79 |
| Affected Versions | JetBrains TeamCity prior to version 2024.03.2 |
Description:
TeamCity is a general-purpose CI/CD software platform that allows for flexible workflows, collaboration, and development practices.
JetBrains TeamCity is affected by Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities:
CVE-2024-36373: Several stored XSS in untrusted builds settings were possible.
CVE-2024-36374: Stored XSS via build step settings was possible.
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary HTML and JavaScript code into a user’s browser. Customers are advised to upgrade TeamCity to the latest version to remediate this vulnerability. For more information, please refer to the JetBrains Security Bulletin.
QID 150972: JetBrains TeamCity User Permissions Vulnerabilities (CVE-2024-36376, CVE-2024-36377)
| CVE-ID | CVE-2024-36376,CVE-2024-36377 |
| Severity | Level 3 |
| CVSS 3.1 | 6.5 |
| CWE-ID | 863 |
| Affected Versions | JetBrains TeamCity prior to version 2024.03.2 |
Description:
TeamCity is a general-purpose CI/CD software platform that allows for flexible workflows, collaboration, and development practices.
JetBrains TeamCity is affected by Multiple Vulnerabilities:
CVE-2024-36376: Users could perform actions that should not be available to them based on their permissions.
CVE-2024-36377: Certain TeamCity API endpoints did not check user permissions.
Successful exploitation of these vulnerabilities could allow users to execute actions or access data without appropriate permission checks. Customers are advised to upgrade TeamCity to the latest version to remediate this vulnerability. For more information, please refer to the JetBrains Security Bulletin.
QID 150973: JetBrains TeamCity Denial of Service (DoS) Vulnerability (CVE-2024-36378)
| CVE-ID | CVE-2024-36378 |
| Severity | Level 3 |
| CVSS 3.1 | 5.9 |
| CWE-ID | 770 |
| Affected Versions | JetBrains TeamCity prior to version 2024.03.2 |
Description:
TeamCity is a general-purpose CI/CD software platform that allows for flexible workflows, collaboration, and development practices.
JetBrains TeamCity is affected by a Denial of Service Vulnerability:
CVE-2024-36378: Server was susceptible to DoS attacks with incorrect auth tokens.
Successful exploitation of this vulnerability could allow an attacker to introduce Denial of Service (DoS) condition by sending incorrect auth tokens. Customers are advised to upgrade TeamCity to the latest version to remediate this vulnerability. For more information, please refer to the JetBrains Security Bulletin.
QID 150974: JetBrains TeamCity Authentication Bypass Vulnerability (CVE-2024-36470)
| CVE-ID | CVE-2024-36470 |
| Severity | Level 4 |
| CVSS 3.1 | 8.1 |
| CWE-ID | 288 |
| Affected Versions | JetBrains TeamCity prior to version 2022.04.7 JetBrains TeamCity prior to version 2022.10.6 JetBrains TeamCity prior to version 2023.05.6 JetBrains TeamCity prior to version 2023.11.5 |
Description:
TeamCity is a general-purpose CI/CD software platform that allows for flexible workflows, collaboration, and development practices.
JetBrains TeamCity is affected by an Authentication Bypass Vulnerability:
CVE-2024-36470: Authentication bypass was possible in specific edge cases even when the security patch plugin is installed.
Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to TeamCity, potentially compromising its security and data integrity. Customers are advised to upgrade TeamCity to the latest version to remediate this vulnerability. For more information, please refer to the JetBrains Security Bulletin.
QID 150975: JetBrains TeamCity Improper Access Control Vulnerability (CVE-2024-36364)
| CVE-ID | CVE-2024-36364 |
| Severity | Level 3 |
| CVSS 3.1 | 6.5 |
| CWE-ID | 863 |
| Affected Versions | JetBrains TeamCity prior to version 2022.04.7 JetBrains TeamCity prior to version 2022.10.6 JetBrains TeamCity prior to version 2023.05.6 JetBrains TeamCity prior to version 2023.11.5 |
Description:
TeamCity is a general-purpose CI/CD software platform that allows for flexible workflows, collaboration, and development practices.
JetBrains TeamCity is affected by a Security Vulnerability:
CVE-2024-36364: Improper access control in Pull Requests and Commit status publisher build features was possible.
Successful exploitation of this vulnerability could compromise the Confidentiality of the target system. Customers are advised to upgrade TeamCity to the latest version to remediate this vulnerability. For more information, please refer to the JetBrains Security Bulletin.
QID 150976: WordPress Master Addons Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-5542)
| CVE-ID | CVE-2024-5542 |
| Severity | Level 3 |
| CVSS 3.1 | 6.1 |
| CWE-ID | 79 |
| Affected Versions | WP Master Addons plugin before, and including 2.0.6.1 |
Description:
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin’s Mega Menu extension due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Successful exploitation of this vulnerability could allow unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Customers are advised to upgrade to WP Master Addons 2.0.6.2 or a later version to remediate this vulnerability.
QID 150977: WordPress Photo Gallery by 10 Web Plugin: Path Traversal Vulnerability (CVE-2024-5481)
| CVE-ID | CVE-2024-5481 |
| Severity | Level 4 |
| CVSS 3.1 | 8.8 |
| CWE-ID | 22 |
| Affected Versions | WP Photo gallery plugin before, and including 1.8.23 |
Description:
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin’s Mega Menu extension due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Customers are advised to upgrade to WP Photo Gallery 1.8.24 or a later version to remediate this vulnerability.
QID 150978: WordPress WP-Recall Plugin: SQL Injection Vulnerability (CVE-2024-32709)
| CVE-ID | CVE-2024-32709 |
| Severity | Level 5 |
| CVSS 3.1 | 9.3 |
| CWE-ID | 89 |
| Affected Versions | WordPress WP-Recall Plugin before 16.26.6 |
Description:
WP-Recall is a WordPress plugin designed to enhance user interaction and engagement on your website.
The WP-Recall plugin for WordPress is vulnerable to SQL Injection due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL queries on the target system. Customers are advised to upgrade to WP-Recall 16.26.6 or a later version to remediate this vulnerability.
QID 150979: JetBrains TeamCity Information Exposure Vulnerability (CVE-2024-36375)
| CVE-ID | CVE-2024-36375 |
| Severity | Level 3 |
| CVSS 3.1 | 5.3 |
| CWE-ID | 209 |
| Affected Versions | JetBrains TeamCity prior to version 2024.03.2 |
Description:
TeamCity is a general-purpose CI/CD software platform that allows for flexible workflows, collaboration, and development practices.
JetBrains TeamCity is affected by an Information Exposure Vulnerability:
CVE-2024-36375: Technical information regarding the TeamCity server could be exposed.
Successful exploitation of this vulnerability could expose potentially sensitive Technical Information regarding the TeamCity server. Customers are advised to upgrade TeamCity to the latest version to remediate this vulnerability. For more information, please refer to the JetBrains Security Bulletin.
QID 150984: WordPress Custom Font Uploader Plugin: Unauthorized Loss of Data Vulnerability (CVE-2024-5489)
| CVE-ID | CVE-2024-5489 |
| Severity | Level 2 |
| CVSS 3.1 | 4.3 |
| CWE-ID | 284 |
| Affected Versions | WP Custom Font Uploader plugin before, and including 2.3.4 |
Description:
The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘cfu_delete_customfont’ function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete any custom font.
Successful exploitation of this vulnerability could allow authenticated attackers with Subscriber-level access and above, to delete any custom font. Customers are advised to upgrade to the WP Custom Font Uploader plugin 2.4.0 or a later version to remediate this vulnerability.
QID 150985: WordPress Tutor LMS Plugin: Insecure Direct Object Reference(IDOR) Vulnerability (CVE-2024-5438)
| CVE-ID | CVE-2024-5438 |
| Severity | Level 3 |
| CVSS 3.1 | 4.3 |
| CWE-ID | 639 |
| Affected Versions | WP Tutor LMS plugin before, and including 2.7.1 |
Description:
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference via the ‘attempt_delete’ function due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with Instructor-level access and above, to delete arbitrary quiz attempts.
Successful exploitation of this vulnerability could allow authenticated attackers with Instructor-level access and above to delete arbitrary quiz attempts. Customers are advised to upgrade to WP Tutor LMS plugin 2.7.2 or a later version to remediate this vulnerability.
QID 150987: WordPress Dark Mode Plugin: Unauthorized modification of Data Vulnerability (CVE-2024-5449)
| CVE-ID | CVE-2024-5449 |
| Severity | Level 3 |
| CVSS 3.1 | 4.3 |
| CWE-ID | 285 |
| Affected Versions | WP Dark Mode plugin before, and including 5.0.4 |
Description:
The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdm_social_share_save_options function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin’s settings.
Successful exploitation of this vulnerability could allow authenticated attackers with Subscriber-level access and above, to update the plugin’s settings. Customers are advised to upgrade WP Dark Mode plugin 5.0.5 to a later version to remediate this vulnerability.
QID 150988: WordPress Yoast SEO Plugin: Reflected Cross-Site Scripting (XSS) Vulnerability (CVE-2024-4041)
| CVE-ID | CVE-2024-4041 |
| Severity | Level 3 |
| CVSS 3.1 | 6.1 |
| CWE-ID | 79 |
| Affected Versions | Yoast SEO prior to version 22.6 |
Description:
Yoast SEO is a WordPress plugin that helps optimize WordPress sites for search engines by providing tools for improving content SEO, readability, and overall site structure.
The affected version of the Yoast SEO plugin is vulnerable to a Reflected Cross-Site Scripting (XSS) Vulnerability.
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary HTML and JavaScript code into a user’s browser. Customers are advised to upgrade Yoast SEO to version 22.6 or later to remediate this vulnerability. For more information pertaining to this vulnerability, please refer to the Yoast SEO Changelog.
QID 150989: WordPress ePoll Plugin: Arbitrary File Upload Vulnerability (CVE-2024-32514)
| CVE-ID | CVE-2024-32514 |
| Severity | Level 5 |
| CVSS 3.1 | 9.9 |
| CWE-ID | 434 |
| Affected Versions | ePoll up to version 3.4 |
Description:
ePoll is a WordPress plugin that helps to create polls and conduct voting contests or online elections easily on a WordPress site.
The affected version of ePoll plugin is vulnerable to an Arbitrary File Upload Vulnerability. Successful exploitation of this vulnerability could allow an attacker to upload Arbitrary Files on the affected site’s server, which could potentially lead to Remote Code Execution. Customers are advised to contact the vendor for patch details. Please refer to the ePoll Plugin page.
QID 150990: OpenCMS Cross-Site Scripting (XSS) Vulnerabilities (CVE-2024-5520, CVE-2024-5521)
| CVE-ID | CVE-2024-5520, CVE-2024-5521 |
| Severity | Level 3 |
| CVSS 3.1 | 6.4 |
| CWE-ID | 79 |
| Affected Versions | OpenCMS version 16 |
Description:
OpenCMS from Alkacon Software is a professional, easy-to-use website content management system (CMS) based on Java and XML technology.
OpenCMS is affected by Two Cross-Site Scripting vulnerabilities:
CVE-2024-5520: A user with sufficient privileges to create and modify web pages through the admin panel can execute malicious JavaScript code after inserting code in the ‘title’ field.
CVE-2024-5521: A user having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. The code will be executed the moment another user accesses the image.
Successful exploitation could allow an attacker to execute arbitrary JavaScript code in the context of the interface or allow the attacker to access sensitive, browser-based information. Customers are advised to upgrade to OpenCMS 17 to remediate this vulnerability.
QID 150991: Apache ActiveMQ Insecure Web API Configuration Vulnerability (CVE-2024-32114)
| CVE-ID | CVE-2024-32114 |
| Severity | Level 4 |
| CVSS 3.1 | 8.5 |
| CWE-ID | 1188 |
| Affected Versions | Apache ActiveMQ 6.x before 6.1.2 |
Description:
Apache ActiveMQ is a popular open-source, multi-protocol, Java-based message broker.
In Apache ActiveMQ 6.x, the default configuration doesn’t secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker (using Jolokia JMX REST API) and/or produce/consume messages or purge/delete destinations (using the Message REST API).
Successful exploitation of this vulnerability could allow an unauthenticated attacker to interact with the broker (using Jolokia JMX REST API) and/or produce/consume messages or purge/delete destinations (using the Message REST API). Customers are advised to upgrade to Apache ActiveMQ 6.1.2 or later to remediate this vulnerability. For more information pertaining to this vulnerability, please refer to the Apache ActiveMQ Security Advisory.
