CVE-2024-8521 : WAVELOG UP TO 1.8.0 LIVE QSO /QSO INDEX MANUAL CROSS SITE SCRIPTING

Description

A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index of the file /qso of the component Live QSO. The manipulation of the argument manual leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.8.1 is able to address this issue. The patch is identified as b31002cec6b71ab5f738881806bb546430ec692e. It is recommended to upgrade the affected component.

References

VDB-276726 | Wavelog Live QSO qso index cross site scripting

VDB-276726 | CTI Indicators (IOB, IOC, TTP, IOA)

Wavelog 1.8 Cross Site Scripting

https://github.com/wavelog/wavelog/pull/744

https://github.com/GithubUser843205/CVEs/tree/main/CVE-2024-8521

https://github.com/wavelog/wavelog/commit/b31002cec6b71ab5f738881806bb546430ec692e

https://github.com/wavelog/wavelog/releases/tag/1.8.1

For More Information

CVERecord

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-32608 : HDF5 UP TO 1.14.3 H5A__CLOSE MEMORY CORRUPTION

CVE-2024-32608 : HDF5 UP TO 1.14.3 H5A__CLOSE MEMORY CORRUPTION

Description HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing

CVE-2024-45160 : LEMONLDAP::NG UP TO 2.19.1 OAUTH2 CLIENT AUTHENTICATION CLIENT_PASSWORD IMPROPER AUTHENTICATION

CVE-2024-45160 : LEMONLDAP::NG UP TO 2.19.1 OAUTH2 CLIENT AUTHENTICATION CLIENT_PASSWORD IMPROPER AUTHENTICATION

Description Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an

CVE-2024-45179 : ZA-INTERNET C-MOR VIDEO SURVEILLANCE 5.2401/6.00PL01 WEB INTERFACE SETTIMEZONE.PML CITY OS COMMAND INJECTION

CVE-2024-45179 : ZA-INTERNET C-MOR VIDEO SURVEILLANCE 5.2401/6.00PL01 WEB INTERFACE SETTIMEZONE.PML CITY OS COMMAND INJECTION

Description An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR