This repository contains a list of CVEs that have been found and documented by the Hacking-Notes team. Each entry includes details about the vulnerability, its impact, and potential mitigation strategies.
Blog Articles: https://hacking-notes.medium.com/
Patched
- CVE-2024-51490 ---> Stored Cross-Site Scripting | Admin Account Takeover | Custom URL - Logo
- CVE-2024-51486 ---> Stored Cross-Site Scripting | Admin Account Takeover | Custom URL - Favicon
- CVE-2024-51489 ---> CSRF - Insufficient Validation | Sending Messages Without Proper Validation
- CVE-2024-51488 ---> CSRF - Insufficient Validation | Delete Message Without Proper Validation
- CVE-2024-51485 ---> CSRF - Insufficient Validation | Plugins (Activation/Deactivation) Without Proper Validation
- CVE-2024-51484 ---> CSRF - Insufficient Validation | Controllers (Activation/Deactivation) Without Proper Validation
- CVE-2024-51487 ---> CSRF - Insufficient Validation | Catalog (Activation/Deactivation) Without Proper Validation
- CVE-2024-51379 ---> Stored Cross-Site Scripting | Admin Account Takeover
- CVE-2024-51380 ---> Stored Cross-Site Scripting | Admin Account Takeover
- CVE-2024-51381 ---> CSRF - Missing Protection | Admin Account Creation
- CVE-2024-51382 ---> CSRF - Missing Protection | Admin Password Reset