CVE-2024-48530
- EPSS 0.27%
- Veröffentlicht 20.11.2024 21:15:07
- Zuletzt bearbeitet 01.10.2025 15:52:27
An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-48531
- EPSS 0.2%
- Veröffentlicht 20.11.2024 21:15:07
- Zuletzt bearbeitet 01.10.2025 15:49:24
A reflected cross-site scripting (XSS) vulnerability on the Rental Availability module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
CVE-2024-48533
- EPSS 0.11%
- Veröffentlicht 20.11.2024 21:15:07
- Zuletzt bearbeitet 01.10.2025 15:45:30
A discrepancy between responses for valid and invalid e-mail accounts in the Forgot your Login? module of eSoft Planner 3.24.08271-USA allows attackers to enumerate valid user e-mail accounts.
CVE-2024-48534
- EPSS 0.2%
- Veröffentlicht 20.11.2024 21:15:07
- Zuletzt bearbeitet 01.10.2025 15:44:58
A reflected cross-site scripting (XSS) vulnerability on the Camp Details module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
CVE-2024-48535
- EPSS 0.12%
- Veröffentlicht 20.11.2024 21:15:07
- Zuletzt bearbeitet 01.10.2025 15:43:48
A stored cross-site scripting (XSS) vulnerability in eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.
CVE-2024-48536
- EPSS 0.13%
- Veröffentlicht 20.11.2024 21:15:07
- Zuletzt bearbeitet 01.10.2025 18:25:16
Incorrect access control in eSoft Planner 3.24.08271-USA allow attackers to view all transactions performed by the company via supplying a crafted web request.