20 matches found
EUVD-2025-24397
Malicious code in bioql PyPI...
CVE-2023-24397
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions...
CVE-2021-24397
The edit functionality in the MicroCopy WordPress plugin through 1.1.0 makes a get request to fetch the related option. The id parameter used is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...
CVE-2025-24397
An incorrect permission check in Jenkins GitLab Plugin 1.9.6 and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credential IDs of GitLab API token and Secret text credentials stored in Jenkins...
CVE-2025-24397
CVE-2025-24397 concerns Jenkins GitLab Plugin (versions 1.9.6 and earlier) where an incorrect permission check in an HTTP endpoint allows attackers with global Item/Configure permission (but not per-job Item/Configure) to enumerate credential IDs of GitLab API tokens and Secret text credentials s...
CVE-2025-24397
An incorrect permission check in Jenkins GitLab Plugin 1.9.6 and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credential IDs of GitLab API token and Secret text credentials stored in Jenkins...
CVE-2024-24397
creationtimestamp | type | source
---|---|---
2024-02-05 17:22:25+00:00 | seen | https://t.me/ctinow/179353...
CVE-2024-24397
Summary: CVE-2024-24397 affects Stimulsoft Dashboard.JS prior to 2024.1.2. The vulnerability is a Cross Site Scripting (XSS) flaw due to improper sanitization of the ReportName field, enabling a remote attacker to execute arbitrary code via a crafted payload. The commonly cited impact is client-...
CVE-2024-24397
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field...
CVE-2023-24397
creationtimestamp | type | source
---|---|---
2023-08-30 20:12:35+00:00 | seen | https://t.me/cibsecurity/69474...
CVE-2023-24397
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions...
CVE-2023-24397
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions...
CVE-2023-24397
CVE-2023-24397 affects the WordPress plugin Reservation.Studio widget (versions
WordPress Reservation.Studio widget Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)
Software: Reservation.Studio widget
Type: Plugin
Vulnerable versions: <= 1.0.11
Fixed in: 1.0.12
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: CVE-2023-24397
Patch priority: Low
CVSS severity: Low (5.9)
PSID: 3242d58b0f7d
Credits: Nithissh S...
CVE-2022-24397
creationtimestamp | type | source
---|---|---
2022-03-10 20:26:17+00:00 | seen | https://t.me/cibsecurity/38726...
CVE-2022-24397
CVE-2022-24397 affects SAP NetWeaver Enterprise Portal versions 7.30, 7.31, 7.40 and 7.50. The root cause is insufficient encoding of user-controlled inputs, enabling reflected XSS that can deface or modify displayed portal content and potentially compromise the victim’s browser confidentiality a...
CVE-2021-24397
The CVE-2021-24397 entry concerns the WordPress MicroCopy plugin (versions ≤ 1.1.0). The vulnerability is an authenticated SQL injection caused by an unsanitized id parameter in a GET request used to fetch related options, allowing injection into a SQL statement. Documented PoCs show the vulnerab...
CVE-2021-24397 MicroCopy <= 1.1.0 - Authenticated SQL Injection
The edit functionality in the MicroCopy WordPress plugin through 1.1.0 makes a get request to fetch the related option. The id parameter used is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...
CVE-2020-24397
creationtimestamp | type | source
---|---|---
2020-10-06 16:27:46+00:00 | published-proof-of-concept | Telegram/dTbvdmjeq1RYgk--0Ak14Mg9wZLToRfNW5oLf9CUZuygpw...
CVE-2020-24397
CVE-2020-24397 affects Zoho ManageEngine Desktop Central 10.0.0.SP-534 (client side). The issue is an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and remote code execution with SYSTEM privileges. Red Hat and other sources c...