CVE-2024-1451 : GITLAB COMMUNITY EDITION/ENTERPRISE EDITION UP TO 16.9.0 USER PROFILE PAGE CROSS SITE SCRIPTING

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload added to the user profile page could lead to a stored XSS on the client side, allowing attackers to perform arbitrary actions on behalf of victims.”

References

https://gitlab.com/gitlab-org/gitlab/-/issues/441457

https://hackerone.com/reports/2371126

For More Information

CVERecord

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-45252 : ELSIGHT HALO PRIOR 11.9.4.0 OS COMMAND INJECTION

CVE-2024-45252 : ELSIGHT HALO PRIOR 11.9.4.0 OS COMMAND INJECTION

Description Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) References https://www.gov.il/en/Departments/faq/cve_advisories For

CVE-2024-47350 : YITH WOOCOMMERCE AJAX SEARCH PLUGIN UP TO 2.8.0 ON WORDPRESS SQL INJECTION

CVE-2024-47350 : YITH WOOCOMMERCE AJAX SEARCH PLUGIN UP TO 2.8.0 ON WORDPRESS SQL INJECTION

Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in YITH YITH WooCommerce Ajax Search

CVE-2024-9560 : ESAFENET CDG V5 CATELOGS;LOGINDOJOJS DELCATELOGS ID SQL INJECTION

CVE-2024-9560 : ESAFENET CDG V5 CATELOGS;LOGINDOJOJS DELCATELOGS ID SQL INJECTION

Description A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is