CVE-2024-10896

MEDIUM Year: 2024
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-78
View all →

Vulnerability Description

The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting

Related Vulnerabilities

CVE-2020-11084

MEDIUM
CVSS:5.4(Medium)

In iPear, the manual execution of the eval() function can lead to command injection. Only PCs where commands are manually executed via "For Developers" are affected. This function allows executing any...

CWE-782020

CVE-2021-32475

MEDIUM
CVSS:5.4(Medium)

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported ve...

CWE-782021

CVE-2025-20194

MEDIUM
CVSS:5.4(Medium)

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. ...

CWE-782025

CVE-2016-6459

MEDIUM
CVSS:5.5(Medium)

Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CS...

CWE-782016

CVE-2016-7844

MEDIUM
CVSS:5.5(Medium)

GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via specially crafted mail template.

CWE-782016

CVE-2019-14337

MEDIUM
CVSS:5.5(Medium)

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an ability to escape to a shell in the restricted command line interface, as demonstrated by the `/bin...

CWE-782019