CVE-2024-8521 : WAVELOG UP TO 1.8.0 LIVE QSO /QSO INDEX MANUAL CROSS SITE SCRIPTING

Description

A vulnerability classified as problematic was found in Wavelog up to 1.8.0. It affects the function index of the file /qso in the Live QSO component. Manipulating the argument manual leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.8.1 addresses this issue. The patch is identified as b31002cec6b71ab5f738881806bb546430ec692e. It is recommended to upgrade the affected component.

References

VDB-276726 | Wavelog Live QSO qso index cross site scripting

VDB-276726 | CTI Indicators (IOB, IOC, TTP, IOA)

Wavelog 1.8 Cross Site Scripting

https://github.com/wavelog/wavelog/pull/744

https://github.com/GithubUser843205/CVEs/tree/main/CVE-2024-8521

https://github.com/wavelog/wavelog/commit/b31002cec6b71ab5f738881806bb546430ec692e

https://github.com/wavelog/wavelog/releases/tag/1.8.1
