19 matches found
CVE-2020-24393
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...
CVE-2024-24393
File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request...
CVE-2023-24393
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Animated Number Counters plugin <= 1.6 versions...
CVE-2024-24393
File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request...
CVE-2024-24393
File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request...
CVE-2024-24393
File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request...
CVE-2024-24393
CVE-2024-24393 : Pichome v1.1.01 contains an index.php file upload vulnerability that allows a remote attacker to execute arbitrary code via a crafted POST request. Severity is high (CVSS v3.1: 9.8, Network, No user interaction). Connected sources corroborate a remote code execution impact from a...
CVE-2023-24393
creationtimestamp | type | source
---|---|---
2023-08-10 16:15:53+00:00 | seen | https://t.me/cibsecurity/68198...
CVE-2023-24393
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Animated Number Counters plugin <= 1.6 versions...
CVE-2023-24393
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Animated Number Counters plugin <= 1.6 versions...
CVE-2023-24393 WordPress Animated Number Counters Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Animated Number Counters plugin <= 1.6 versions...
CVE-2023-24393
CVE-2023-24393: WordPress Animated Number Counters plugin
WordPress Animated Number Counters Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)
Software: Animated Number Counters | Type: Plugin | Vulnerable versions: <= 1.6 | Fixed in: 1.7 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-24393 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 5aac80fb8728 | Credits: yuyudhn | Required...
CVE-2022-24393
The vulnerability CVE-2022-24393 affects Fidelis Network and Deception CommandPost. It allows authenticated command injection via the web interface by abusing the check_vertica_upgrade value for the cpIp parameter. An attacker with an authenticated session could craft an HTTP request to execute s...
CVE-2021-24393
A c GET parameter of the Comment Highlighter WordPress plugin through 0.13 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...
CVE-2021-24393
The CVE-2021-24393 entry concerns the WordPress plugin Comment Highlighter (versions up to 0.13). The vulnerability is a SQL injection caused by unsanitized/unchecked c GET parameters that are inserted into an SQL statement. The provided connected documents corroborate this exact flaw across mult...
CVE-2021-24393 Comment Highlighter <= 0.13 - Authenticated SQL Injection
A c GET parameter of the Comment Highlighter WordPress plugin through 0.13 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...
CVE-2020-24393
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...
CVE-2020-24393
CVE-2020-24393 affects TweetStream 2.6.1. The vulnerability arises from insecure use of the eventmachine library that omits TLS hostname validation, enabling potential man-in-the-middle attacks. Public sources (including Red Hat, OSV, MV sources) reiterate the same description and do not specify ...