16 matches found
CVE-2021-24646
The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2025-24646
creationtimestamp| type| source ---|---|--- 2025-02-03 15:18:45+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhbtocelan2f 2025-02-03 17:48:51+00:00| seen| https://t.me/cvedetector/17070 2025-02-03 18:10:45+00:00| seen|...
CVE-2025-24646
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icopydoc XML for Avito xml-for-avito allows Reflected XSS.This issue affects XML for Avito: from n/a through = 2.5.2...
CVE-2025-24646 WordPress XML for Avito Plugin <= 2.5.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maxim Glazunov XML for Avito allows Reflected XSS. This issue affects XML for Avito: from n/a through 2.5.2...
CVE-2025-24646 WordPress XML for Avito Plugin <= 2.5.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icopydoc XML for Avito xml-for-avito allows Reflected XSS.This issue affects XML for Avito: from n/a through = 2.5.2...
CVE-2025-24646
CVE-2025-24646: WordPress XML for Avito plugin (XML for Avito)
CVE-2023-24646
creationtimestamp| type| source ---|---|--- 2023-02-14 00:30:09+00:00| seen| https://t.me/cibsecurity/58037 2025-03-21 18:19:50+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8391...
CVE-2023-24646
CVE-2023-24646 affects Food Ordering System v2.0; the vulnerability is an arbitrary file upload via /fos/admin/ajax.php that can lead to arbitrary code execution. The CVSS v3.1 base score is 9.8 (CRITICAL) with network access, no authentication, and high impact on confidentiality, integrity, and ...
CVE-2023-24646
An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-24646
CVE-2022-24646 affects Hospital Management System v4.0. A SQL injection exists in the /Hospital-Management-System-master/contact.php endpoint via the txtMsg parameter, as evidenced by multiple sources (including exploitdb) describing injections through contact.php. This leads to potential data di...
CVE-2021-24646
CVE-2021-24646 affects the Booking.com Banner Creator WordPress plugin pre-1.4.3. The vulnerability arises from improper input sanitization when creating banners, enabling stored Cross-Site Scripting (XSS) by high-privilege admins (admin+ scope). Multiple sources corroborate an XSS vector in the ...
CVE-2021-24646 Booking.com Banner Creator < 1.4.3 - Admin+ Stored Cross-Site Scripting
The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2020-24646
A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
CVE-2020-24646
HPE Intelligent Management Center (iMC) before PLAT 7.3 (E0705P07) is affected by CVE-2020-24646. The vulnerability is a stack-based buffer overflow in the tftpserver component that allows remote code execution. The root cause is improper validation of the length of user-supplied data prior to co...
CVE-2026-24646
...
CVE-2026-24646
This CVE entry is rejected/not used as stated in the initial description.