A vulnerability, which was classified as problematic, has been found in crmeb_java up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference.
This vulnerability is handled as CVE-2025-2365. The attack may be launched remotely. Furthermore, there is an exploit available.
A vulnerability was found in SiteOrigin Widgets Bundle up to 1.62.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Image Grid Widget. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-5901. The attack can be launched remotely. There is no exploit available.
A vulnerability, which was classified as problematic, was found in SourceCodester Lot Reservation Management System 1.0. This affects an unknown part of the file /admin/ajax.php?action=save_settings. The manipulation of the argument about leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-7284. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_settings. The manipulation of the argument name leads to cross site scripting.
This vulnerability was named CVE-2024-7285. The attack can be initiated remotely. Furthermore, there is an exploit available.
A vulnerability has been found in Discourse up to 3.2.4/3.3.0.beta4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation of the argument allowed_iframes leads to injection.
This vulnerability is known as CVE-2024-39320. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Discourse up to 3.2.2/3.3.0.beta2. It has been classified as problematic. This affects an unknown part of the component Onebox Data Handler. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-37165. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.