CVE-2026-24415 OpenSTAManager affected by reflected XSS in modifica_iva.php via righe parameter
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contains Reflected XSS vulnerabilities in invoice/order/contract modification modals. The application fails to properly sanitize user-supplied input from the righe GET...
Microsoft Office Denial of Service Vulnerability (CNVD-2025-24415)
Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, etc. A denial of service vulnerability exists in Microsoft Office, which can be exploited by attackers to cause...
CVE-2021-24415
The Polo Video Gallery – Best wordpress video gallery plugin WordPress plugin through 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the...
CVE-2025-24415
creationtimestamp | type | source
---|---|---
2025-02-11 18:19:16+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhwbih6zta2x
2025-02-11 18:48:46+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/113986746350199409...
CVE-2025-24415
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...
CVE-2025-24415
Adobe Commerce and Magento Open Source are affected by a stored XSS vulnerability in vulnerable form fields across versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. A low-privileged attacker can inject malicious scripts, which may execute in a victim’s browser and could ...
Adobe Illustrator < 25.0 Multiple Vulnerabilities (APSB20-53) (macOS)
The version of Adobe Illustrator installed on the remote macOS host is prior to 25.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB20-53 advisory. - Adobe Illustrator version 24.1.2 and earlier is affected by a memory corruption vulnerability that occurs when...
CVE-2023-24415
creationtimestamp | type | source
---|---|---
2023-02-23 18:18:32+00:00 | seen | https://t.me/cibsecurity/58789...
CVE-2023-24415
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions...
CVE-2023-24415
CVE-2023-24415 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress ChatBot/QuantumCloud AI ChatBot plugin versions <= 4.2.8. The NVD entry details a high-impact issue (CVSS v3.1: 8.8, HIGH) with network attack vector, no privileges required, user interaction required, ...
WordPress ChatBot Plugin <= 4.2.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ChatBot; Type: Plugin; Vulnerable versions: <= 4.2.8; Fixed in: 4.2.9; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-24415; Patch priority: Low; CVSS severity: Low (5.4); PSID: 56586a24f6dd; Credits: Rafshanzani Suhada; Required...
CVE-2022-24415
creationtimestamp | type | source
---|---|---
2022-03-12 00:15:05+00:00 | seen | https://t.me/cibsecurity/38832
2022-03-23 10:17:52+00:00 | seen | https://t.me/truesecator/2762
2022-03-23 13:53:34+00:00 | seen | https://t.me/SecLabNews/11819
2022-03-24 10:36:03+00:00 | seen | https://t.me/sysodmins/14390...
CVE-2022-24415
Dell BIOS contains an improper input validation vulnerability that can be exploited by a local authenticated attacker using an SMI to gain arbitrary code execution during System Management Mode (SMM). Several sources describe this family of flaws (CVE-2022-24415) as affecting Dell BIOS across mul...
CVE-2022-24415
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM...
CVE-2021-24415
creationtimestamp | type | source
---|---|---
2021-10-18 18:31:57+00:00 | seen | https://t.me/cibsecurity/30697...
CVE-2021-24415 Polo Video Gallery <= 1.2 - Contributor+ Stored Cross-Site Scripting
The Polo Video Gallery – Best wordpress video gallery plugin WordPress plugin through 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the...
CVE-2021-24415
CVE-2021-24415 affects the WordPress plugin Polo Video Gallery