Mohammed Shine

#9200of 53,635
29.7Total CVSS
Vulnerabilities · 5
Medium
3
High
2
PT-2024-33121
4.8
2024-10-29
Unknown · Teslalogger · CVE-2024-48461
**Name of the Vulnerable Software and Affected Versions** TeslaLogger versions prior to 1.59.6 **Description** A Cross Site Scripting issue in the Admin Panel allows a remote attacker to execute arbitrary code via the New Journey field. **Recommendations** For versions prior to 1.59.6, update to version 1.59.6 or later to resolve the issue.
PT-2024-37477
7.4
2024-10-28
Maruti Suzuki · Maruti Suzuki Smartplay · CVE-2024-6245
Name of the Vulnerable Software and Affected Versions: Maruti Suzuki SmartPlay version 66T0.05.50 Description: The issue is related to the use of default credentials in Maruti Suzuki SmartPlay on Linux, specifically in Infotainment Hub modules. This allows an attacker to attempt common or default usernames and passwords. The problem was identified in a 2022 Maruti Suzuki Brezza in the India market. Recommendations: For version 66T0.05.50, change the default credentials to unique and strong usernames and passwords to prevent unauthorized access. Consider disabling the use of default credentials as a temporary workaround until a more permanent solution is available.
PT-2024-11591
7.1
2024-04-22
Phpfox · Phpfox · CVE-2022-34560
**Name of the Vulnerable Software and Affected Versions** PHPFox version 4.8.9 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `History` parameter. **Recommendations** For PHPFox version 4.8.9, consider restricting access to the `History` parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-11592
4.3
2024-04-22
Phpfox · Phpfox · CVE-2022-34561
**Name of the Vulnerable Software and Affected Versions** PHPFox version 4.8.9 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `video description` parameter. **Recommendations** For PHPFox version 4.8.9, consider restricting access to the video description parameter until a patch is available. As a temporary workaround, avoid using the `video description` parameter in affected areas until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-11593
6.1
2024-04-22
Phpfox · Phpfox · CVE-2022-34562
**Name of the Vulnerable Software and Affected Versions** PHPFox version 4.8.9 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the status box. **Recommendations** For PHPFox version 4.8.9, consider disabling the status box feature until a patch is available to prevent exploitation of this issue.