14 matches found
CVE-2022-24722
ViewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an...
CVE-2025-24722
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Stored XSS. This issue affects FAQ Builder AYS: from n/a through <= 1.7.3...
CVE-2025-24722
CVE-2025-24722 is a Stored XSS in the WordPress plugin FAQ Builder AYS (WordPress FAQ Builder AYS) affecting versions from 0? through 1.7.3 as reported. The root cause is described as improper neutralization of input during web page generation, enabling injection of malicious scripts. Several sou...
CVE-2024-24722
creationtimestamp | type | source
---|---|---
2024-02-19 07:21:49+00:00 | seen | https://t.me/ctinow/187486
2024-02-19 07:21:53+00:00 | seen | https://t.me/ctinow/187490
2024-02-20 05:30:40+00:00 | seen | https://t.me/arpsyndicate/3557
2025-03-25 16:40:23+00:00 | seen | ...
CVE-2024-24722
An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy File Replication Server executable service path. This is fixed in 4.3.10.192, 5.1.5.221, and...
CVE-2024-24722
CVE-2024-24722 describes an unquoted service path vulnerability in the 12d Synergy Server and 12d Synergy File Replication Server components. The issue allows an attacker to gain elevated privileges via the executable service path. Affected software includes 12d Synergy Server and 12d Synergy Fil...
CVE-2022-24722
ViewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an...
CVE-2022-24722
CVE-2022-24722 affects the view_component gem for Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability where user input interpolated into translate is not properly sanitized before display. Mitigations are available in versions 2.31.2 and 2.49.1. Workarou...
CVE-2022-24722 Cross-site Scripting in view_component
ViewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an...
CVE-2022-24722 Cross-site Scripting in view_component
ViewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an...
CVE-2021-24722
The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24722 Restaurant Menu by MotoPress < 2.4.2 - Admin+ Stored Cross Site Scripting
The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24722
The WordPress Restaurant Menu by MotoPress plugin (versions before 2.4.2) is vulnerable to a stored XSS due to inadequate sanitization/escaping when creating new menu items. This can allow an authenticated user to inject scripts that may execute in admin and public pages. Remediation: update the ...
CVE-2020-24722
CVE-2020-24722 affects the GAEN (Google/Apple Exposure Notifications) protocol used by COVID-19 apps on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack, which can lead to metadata deanonymization and risk...