How severe is CVE-2024-6936?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2024-6936?

This is classified as CWE-94, which is a common weakness in software security.

CVE-2024-6936 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools 3.1.1. This issue affects some unknown processing of the file /admin/settings/index.php?page=accounts of the component Setting Handler. The manipulation of the argument Page Theme leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271991. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2016-7787

MEDIUM

CVSS:4.9(Medium)

A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.

CWE-942016

CVE-2023-44381

MEDIUM

CVSS:4.9(Medium)

October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_parti...

CWE-942023

CVE-2024-53382

MEDIUM

CVSS:4.9(Medium)

Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can...

CWE-942024

CVE-2024-53386

MEDIUM

CVSS:4.9(Medium)

Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowe...

CWE-942024

CVE-2021-42754

MEDIUM

CVSS:5.0(Medium)

An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without...

CWE-942021

CVE-2024-29991

MEDIUM

CVSS:5.0(Medium)

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CWE-942024