CVE-2024-8521 : WAVELOG UP TO 1.8.0 LIVE QSO /QSO INDEX MANUAL CROSS SITE SCRIPTING

Description

A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index of the file /qso of the component Live QSO. The manipulation of the argument manual leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.8.1 is able to address this issue. The patch is identified as b31002cec6b71ab5f738881806bb546430ec692e. It is recommended to upgrade the affected component.

References

VDB-276726 | Wavelog Live QSO qso index cross site scripting

VDB-276726 | CTI Indicators (IOB, IOC, TTP, IOA)

Wavelog 1.8 Cross Site Scripting

https://github.com/wavelog/wavelog/pull/744

https://github.com/GithubUser843205/CVEs/tree/main/CVE-2024-8521

https://github.com/wavelog/wavelog/commit/b31002cec6b71ab5f738881806bb546430ec692e

https://github.com/wavelog/wavelog/releases/tag/1.8.1

For More Information

CVERecord

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-20418 : CISCO IOS XE CONTROLLER WEB-BASED MANAGEMENT INTERFACE COMMAND INJECTION

CVE-2024-20418 : CISCO IOS XE CONTROLLER WEB-BASED MANAGEMENT INTERFACE COMMAND INJECTION

Description A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB)

CVE-2024-20536 : CISCO DATA CENTER NETWORK MANAGER 12.1.2E/12.1.2P/12.1.3B WEB-BASED MANAGEMENT INTERFACE/REST API ENDPOINT SQL INJECTION

CVE-2024-20536 : CISCO DATA CENTER NETWORK MANAGER 12.1.2E/12.1.2P/12.1.3B WEB-BASED MANAGEMENT INTERFACE/REST API ENDPOINT SQL INJECTION

Description A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could

CVE-2024-50340 : SYMFONY INJECTION

CVE-2024-50340 : SYMFONY INJECTION

Description symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the