In Joomla versions 4.0.0 to 4.4.5 and 5.0.0 to 5.1.1 a medium severity vulnerability CVE-2024-21730 was detected. This vulnerability allows attackers to inject malicious scripts that would be executed in the user’s browser, posing a security risk. To fix this problem, users should upgrade Joomla to version 4.4.6 or 5.1.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21730.
In Joomla versions 3.0.0 to 3.10.15, 4.0.0 to 4.4.5, and 5.0.0 to 5.1.1 a medium severity vulnerability CVE-2024-21731 was detected. This vulnerability allows attackers to embed harmful scripts that can run within a user’s web browser, posing significant security risks. To fix this problem, users should upgrade Joomla to versions 3.10.16, 4.4.6, and 5.1.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21731.
In Magento versions before 20.10.1 a medium severity vulnerability CVE-2024-41676 was detected. This vulnerability allows attackers to view sensitive files in GitLab. To fix this problem, users should upgrade Magento to version 20.10.1 or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-41676.
In all WooCommerce versions up to and including 3.5.1, a medium severity vulnerability CVE-2024-6458 was detected. Attackers with basic access can change post titles without permission. This can also lead to harmful scripts being saved, which can affect admins who view these posts. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6458.
In Magento versions prior to 20.10.1 a medium severity vulnerability CVE-2024-41676 was detected. There is a security issue where admins can accidentally add harmful code in these settings: design/header/welcome, design/header/logo_src, design/header/logo_src_small, and design/header/logo_alt. These settings allow text or image URLs but may unintentionally include dangerous code. This issue is fixed in version 20.10.1 and later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-41676.
In Dolibarr ERP CRM versions before 19.0.2-php8.2 a high severity vulnerability CVE-2024-40137 was detected. A vulnerability in the Computed field parameter of the Users Module Setup in Dolibarr ERP CRM allows remote code execution. This issue is fixed in versions 19.0.2-php8.2 and later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-40137.
In Joomla versions 3.0.0-3.10.15-elts, 4.0.0-4.4.5, and 5.0.0-5.1.1 a low severity vulnerability CVE-2024-26279 was detected. This vulnerability allows attackers to access sensitive data via cross-site scripting. There is no fix for this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-26279/.
In Joomla versions from 3.7.0 through 3.10.15, from 4.0.0 through 4.4.5, and from 5.0.0 through 5.1.1 a medium severity vulnerability CVE-2024-26278 was detected. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized actions or data theft. To fix this problem, users should upgrade Joomla to one of the following versions 3.10.16, 4.4.6, or 5.1.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-26278.
In OpenVPN version 2.0.4 a low severity vulnerability CVE-2024-28820 was detected. This vulnerability allows attackers to access sensitive data. There is no fix for this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-28820/.