CVE-2024-37678

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-78
View all →

Vulnerability Description

Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script.

Related Vulnerabilities

CVE-2017-3806

MEDIUM
CVSS:5.3(Medium)

A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject...

CWE-782017

CVE-2018-15726

MEDIUM
CVSS:5.3(Medium)

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability.

CWE-782018

CVE-2019-20807

MEDIUM
CVSS:5.3(Medium)

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).

CWE-782019

CVE-2020-26294

MEDIUM
CVSS:5.3(Medium)

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server co...

CWE-782020

CVE-2020-3367

MEDIUM
CVSS:5.3(Medium)

A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command ...

CWE-782020

CVE-2021-30187

MEDIUM
CVSS:5.3(Medium)

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.

CWE-782021