CVE-2025-11737

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'vkExUnitsnstitle' parameter in all versions up to, and including, 9.112.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

CVE-2020-11737

A cross-site scripting XSS vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring including the quotes followed...

Linux Distros Unpatched Vulnerability : CVE-2019-11737

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If a wildcard '' is specified for the host in Content Security Policy CSP directives, any port or path restriction of the directive will be ignored, leading to...

Schneider Electric Modicon Improper Input Validation (CVE-2024-11737)

An improper input validation vulnerability exists that could lead to a denial-of-service and a loss of confidentiality and integrity in the controller when an unauthenticated crafted Modbus packet is sent to the device. This plugin only works with Tenable.ot. Please visit...

CVE-2024-11737

creationtimestamp| type| source ---|---|--- 2024-12-11 09:39:18+00:00| seen| https://infosec.exchange/users/cve/statuses/113633523001138853 2024-12-11 12:43:54+00:00| seen| https://t.me/cvedetector/12627 2024-12-17 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-24-352-...

CVE-2024-11737

CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and a loss of confidentiality, integrity of the controller when an unauthenticated crafted Modbus packet is sent to the device...

CVE-2024-11737

CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and a loss of confidentiality, integrity of the controller when an unauthenticated crafted Modbus packet is sent to the device...

CVE-2024-11737

CVE-2024-11737 affects Schneider Electric Modicon controllers (M241/M251/M258 and LMC058). The vulnerability is improper input validation in Modbus processing, allowing an unauthenticated crafted Modbus packet to cause denial of service and compromise confidentiality and integrity of the controll...

Ubuntu: Security Advisory (USN-4122-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2018-0368)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Firefox Security Advisory (MFSA2019-25) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

CVE-2020-11737

A cross-site scripting XSS vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring including the quotes followed...

CVE-2020-11737

A cross-site scripting XSS vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring including the quotes followed...

CVE-2020-11737

CVE-2020-11737 concerns Zimbra Web Client (9.0) with an XSS vulnerability: an attacker can craft links in email/calendar invites that execute arbitrary JavaScript. The attack requires an A element with an href containing a "www" substring followed immediately by a DOM event listener (e.g., onmous...

Mozilla Firefox < 69.0

The version of Firefox installed on the remote Windows host is prior to 69.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-25 advisory. - Mozilla developers and community members Randell Jesup, Philipp, Cosmin Sabou, and Natalia Csoregi reported memory safe...

Ubuntu: Security Advisory (USN-4122-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Firefox < 69.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 69.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-25 advisory. - Mozilla developers and community members Randell Jesup, Philipp, Cosmin Sabou, and Natalia Csoregi reported...

Fedora Update for sleuthkit FEDORA-2018-7270b39f50

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for sleuthkit FEDORA-2018-a94297f037

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 27 : sleuthkit (2018-7270b39f50)

Fix security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...